<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta name="generator" content="Asciidoctor 1.5.6">
|
|
<title>MISP Objects</title>
|
|
<!-- NOTE(review): every page load makes a request to fonts.googleapis.com, which discloses the visitor's IP address and referrer to a third party. The CSS returned by this endpoint is generated per request (it differs by browser), so a Subresource Integrity hash cannot be pinned on this link. Self-hosting the three font families would remove the external dependency. -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
|
|
<style>
|
|
/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
|
|
/* Remove comment around @import statement below when using as a custom stylesheet */
|
|
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
|
|
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
|
|
audio,canvas,video{display:inline-block}
|
|
audio:not([controls]){display:none;height:0}
|
|
[hidden],template{display:none}
|
|
script{display:none!important}
|
|
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
|
|
a{background:transparent}
|
|
a:focus{outline:thin dotted}
|
|
a:active,a:hover{outline:0}
|
|
h1{font-size:2em;margin:.67em 0}
|
|
abbr[title]{border-bottom:1px dotted}
|
|
b,strong{font-weight:bold}
|
|
dfn{font-style:italic}
|
|
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
|
|
mark{background:#ff0;color:#000}
|
|
code,kbd,pre,samp{font-family:monospace;font-size:1em}
|
|
pre{white-space:pre-wrap}
|
|
q{quotes:"\201C" "\201D" "\2018" "\2019"}
|
|
small{font-size:80%}
|
|
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
|
|
sup{top:-.5em}
|
|
sub{bottom:-.25em}
|
|
img{border:0}
|
|
svg:not(:root){overflow:hidden}
|
|
figure{margin:0}
|
|
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
|
|
legend{border:0;padding:0}
|
|
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
|
|
button,input{line-height:normal}
|
|
button,select{text-transform:none}
|
|
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
|
|
button[disabled],html input[disabled]{cursor:default}
|
|
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
|
|
input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}
|
|
input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}
|
|
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
|
|
textarea{overflow:auto;vertical-align:top}
|
|
table{border-collapse:collapse;border-spacing:0}
|
|
*,*:before,*:after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
|
|
html,body{font-size:100%}
|
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
|
|
a:hover{cursor:pointer}
|
|
img,object,embed{max-width:100%;height:auto}
|
|
object,embed{height:100%}
|
|
img{-ms-interpolation-mode:bicubic}
|
|
.left{float:left!important}
|
|
.right{float:right!important}
|
|
.text-left{text-align:left!important}
|
|
.text-right{text-align:right!important}
|
|
.text-center{text-align:center!important}
|
|
.text-justify{text-align:justify!important}
|
|
.hide{display:none}
|
|
img,object,svg{display:inline-block;vertical-align:middle}
|
|
textarea{height:auto;min-height:50px}
|
|
select{width:100%}
|
|
.center{margin-left:auto;margin-right:auto}
|
|
.spread{width:100%}
|
|
p.lead,.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{font-size:1.21875em;line-height:1.6}
|
|
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
|
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
|
|
a{color:#2156a5;text-decoration:underline;line-height:inherit}
|
|
a:hover,a:focus{color:#1d4b8f}
|
|
a img{border:none}
|
|
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
|
p aside{font-size:.875em;line-height:1.35;font-style:italic}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
|
|
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
|
|
h1{font-size:2.125em}
|
|
h2{font-size:1.6875em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
|
|
h4,h5{font-size:1.125em}
|
|
h6{font-size:1em}
|
|
hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
|
|
em,i{font-style:italic;line-height:inherit}
|
|
strong,b{font-weight:bold;line-height:inherit}
|
|
small{font-size:60%;line-height:inherit}
|
|
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
|
|
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
|
ul,ol{margin-left:1.5em}
|
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
|
|
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
|
|
ul.square{list-style-type:square}
|
|
ul.circle{list-style-type:circle}
|
|
ul.disc{list-style-type:disc}
|
|
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
|
|
dl dt{margin-bottom:.3125em;font-weight:bold}
|
|
dl dd{margin-bottom:1.25em}
|
|
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
|
|
abbr{text-transform:none}
|
|
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
|
|
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
|
|
blockquote cite:before{content:"\2014 \0020"}
|
|
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
|
|
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
|
|
@media only screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
|
|
h1{font-size:2.75em}
|
|
h2{font-size:2.3125em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
|
|
h4{font-size:1.4375em}}
|
|
table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
|
|
table thead,table tfoot{background:#f7f8f7;font-weight:bold}
|
|
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
|
|
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
|
|
table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
|
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
|
|
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
|
|
.clearfix:before,.clearfix:after,.float-group:before,.float-group:after{content:" ";display:table}
|
|
.clearfix:after,.float-group:after{clear:both}
|
|
*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word}
|
|
*:not(pre)>code.nobreak{word-wrap:normal}
|
|
*:not(pre)>code.nowrap{white-space:nowrap}
|
|
pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
|
|
em em{font-style:normal}
|
|
strong strong{font-weight:400}
|
|
.keyseq{color:rgba(51,51,51,.8)}
|
|
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
|
|
.keyseq kbd:first-child{margin-left:0}
|
|
.keyseq kbd:last-child{margin-right:0}
|
|
.menuseq,.menuref{color:#000}
|
|
.menuseq b:not(.caret),.menuref{font-weight:inherit}
|
|
.menuseq{word-spacing:-.02em}
|
|
.menuseq b.caret{font-size:1.25em;line-height:.8}
|
|
.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
|
|
b.button:before,b.button:after{position:relative;top:-1px;font-weight:400}
|
|
b.button:before{content:"[";padding:0 3px 0 2px}
|
|
b.button:after{content:"]";padding:0 2px 0 3px}
|
|
p a>code:hover{color:rgba(0,0,0,.9)}
|
|
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
|
#header:before,#header:after,#content:before,#content:after,#footnotes:before,#footnotes:after,#footer:before,#footer:after{content:" ";display:table}
|
|
#header:after,#content:after,#footnotes:after,#footer:after{clear:both}
|
|
#content{margin-top:1.25em}
|
|
#content:before{content:none}
|
|
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
|
|
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8}
|
|
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px}
|
|
#header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
|
|
#header .details span:first-child{margin-left:-.125em}
|
|
#header .details span.email a{color:rgba(0,0,0,.85)}
|
|
#header .details br{display:none}
|
|
#header .details br+span:before{content:"\00a0\2013\00a0"}
|
|
#header .details br+span.author:before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
|
|
#header .details br+span#revremark:before{content:"\00a0|\00a0"}
|
|
#header #revnumber{text-transform:capitalize}
|
|
#header #revnumber:after{content:"\00a0"}
|
|
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
|
|
#toc{border-bottom:1px solid #efefed;padding-bottom:.5em}
|
|
#toc>ul{margin-left:.125em}
|
|
#toc ul.sectlevel0>li>a{font-style:italic}
|
|
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
|
|
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
|
|
#toc li{line-height:1.3334;margin-top:.3334em}
|
|
#toc a{text-decoration:none}
|
|
#toc a:active{text-decoration:underline}
|
|
#toctitle{color:#7a2518;font-size:1.2em}
|
|
@media only screen and (min-width:768px){#toctitle{font-size:1.375em}
|
|
body.toc2{padding-left:15em;padding-right:0}
|
|
#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
|
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
|
|
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
|
|
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
|
|
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:15em}
|
|
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}
|
|
@media only screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
|
|
#toc.toc2{width:20em}
|
|
#toc.toc2 #toctitle{font-size:1.375em}
|
|
#toc.toc2>ul{font-size:.95em}
|
|
#toc.toc2 ul ul{padding-left:1.25em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|
#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
|
#content #toc>:first-child{margin-top:0}
|
|
#content #toc>:last-child{margin-bottom:0}
|
|
#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
|
|
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
|
|
.sect1{padding-bottom:.625em}
|
|
@media only screen and (min-width:768px){.sect1{padding-bottom:1.25em}}
|
|
.sect1+.sect1{border-top:1px solid #efefed}
|
|
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
|
|
#content h1>a.anchor:before,h2>a.anchor:before,h3>a.anchor:before,#toctitle>a.anchor:before,.sidebarblock>.content>.title>a.anchor:before,h4>a.anchor:before,h5>a.anchor:before,h6>a.anchor:before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
|
|
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
|
|
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
|
|
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
|
.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
|
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
|
|
table.tableblock>caption.title{white-space:nowrap;overflow:visible;max-width:0}
|
|
.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{color:rgba(0,0,0,.85)}
|
|
table.tableblock #preamble>.sectionbody>.paragraph:first-of-type p{font-size:inherit}
|
|
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
|
|
.admonitionblock>table td.icon{text-align:center;width:80px}
|
|
.admonitionblock>table td.icon img{max-width:initial}
|
|
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
|
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)}
|
|
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
|
|
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
|
|
.exampleblock>.content>:first-child{margin-top:0}
|
|
.exampleblock>.content>:last-child{margin-bottom:0}
|
|
.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
|
.sidebarblock>:first-child{margin-top:0}
|
|
.sidebarblock>:last-child{margin-bottom:0}
|
|
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
|
|
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
|
|
.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
|
|
.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
|
|
.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em}
|
|
.literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal}
|
|
@media only screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}
|
|
@media only screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}
|
|
.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
|
|
.listingblock pre.highlightjs{padding:0}
|
|
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
|
|
.listingblock pre.prettyprint{border-width:0}
|
|
.listingblock>.content{position:relative}
|
|
.listingblock code[data-lang]:before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
|
|
.listingblock:hover code[data-lang]:before{display:block}
|
|
.listingblock.terminal pre .command:before{content:attr(data-prompt);padding-right:.5em;color:#999}
|
|
.listingblock.terminal pre .command:not([data-prompt]):before{content:"$"}
|
|
table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
|
table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0;line-height:1.45}
|
|
table.pyhltable td.code{padding-left:.75em;padding-right:0}
|
|
pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8}
|
|
pre.pygments .lineno{display:inline-block;margin-right:.25em}
|
|
table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
|
|
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
|
.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
|
|
.quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
|
.quoteblock blockquote{margin:0;padding:0;border:0}
|
|
.quoteblock blockquote:before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
|
|
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
|
|
.quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right}
|
|
.quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)}
|
|
.quoteblock .quoteblock blockquote{padding:0 0 0 .75em}
|
|
.quoteblock .quoteblock blockquote:before{display:none}
|
|
.verseblock{margin:0 1em 1.25em 1em}
|
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
|
.verseblock pre strong{font-weight:400}
|
|
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
|
|
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
|
|
.quoteblock .attribution br,.verseblock .attribution br{display:none}
|
|
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
|
|
.quoteblock.abstract{margin:0 0 1.25em 0;display:block}
|
|
.quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{text-align:left;word-spacing:0}
|
|
.quoteblock.abstract blockquote:before,.quoteblock.abstract blockquote p:first-of-type:before{display:none}
|
|
table.tableblock{max-width:100%;border-collapse:separate}
|
|
table.tableblock td>.paragraph:last-child p>p:last-child,table.tableblock th>p:last-child,table.tableblock td>p:last-child{margin-bottom:0}
|
|
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
|
|
table.grid-all>thead>tr>.tableblock,table.grid-all>tbody>tr>.tableblock{border-width:0 1px 1px 0}
|
|
table.grid-all>tfoot>tr>.tableblock{border-width:1px 1px 0 0}
|
|
table.grid-cols>*>tr>.tableblock{border-width:0 1px 0 0}
|
|
table.grid-rows>thead>tr>.tableblock,table.grid-rows>tbody>tr>.tableblock{border-width:0 0 1px 0}
|
|
table.grid-rows>tfoot>tr>.tableblock{border-width:1px 0 0 0}
|
|
table.grid-all>*>tr>.tableblock:last-child,table.grid-cols>*>tr>.tableblock:last-child{border-right-width:0}
|
|
table.grid-all>tbody>tr:last-child>.tableblock,table.grid-all>thead:last-child>tr>.tableblock,table.grid-rows>tbody>tr:last-child>.tableblock,table.grid-rows>thead:last-child>tr>.tableblock{border-bottom-width:0}
|
|
table.frame-all{border-width:1px}
|
|
table.frame-sides{border-width:0 1px}
|
|
table.frame-topbot{border-width:1px 0}
|
|
th.halign-left,td.halign-left{text-align:left}
|
|
th.halign-right,td.halign-right{text-align:right}
|
|
th.halign-center,td.halign-center{text-align:center}
|
|
th.valign-top,td.valign-top{vertical-align:top}
|
|
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
|
|
th.valign-middle,td.valign-middle{vertical-align:middle}
|
|
table thead th,table tfoot th{font-weight:bold}
|
|
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
|
|
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
|
|
p.tableblock>code:only-child{background:none;padding:0}
|
|
p.tableblock{font-size:1em}
|
|
td>div.verse{white-space:pre}
|
|
ol{margin-left:1.75em}
|
|
ul li ol{margin-left:1.5em}
|
|
dl dd{margin-left:1.125em}
|
|
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
|
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
|
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
|
|
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
|
|
ul.unstyled,ol.unstyled{margin-left:0}
|
|
ul.checklist{margin-left:.625em}
|
|
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
|
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{margin-right:.25em}
|
|
ul.inline{margin:0 auto .625em auto;margin-left:-1.375em;margin-right:0;padding:0;list-style:none;overflow:hidden}
|
|
ul.inline>li{list-style:none;float:left;margin-left:1.375em;display:block}
|
|
ul.inline>li>*{display:block}
|
|
.unstyled dl dt{font-weight:400;font-style:normal}
|
|
ol.arabic{list-style-type:decimal}
|
|
ol.decimal{list-style-type:decimal-leading-zero}
|
|
ol.loweralpha{list-style-type:lower-alpha}
|
|
ol.upperalpha{list-style-type:upper-alpha}
|
|
ol.lowerroman{list-style-type:lower-roman}
|
|
ol.upperroman{list-style-type:upper-roman}
|
|
ol.lowergreek{list-style-type:lower-greek}
|
|
.hdlist>table,.colist>table{border:0;background:none}
|
|
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
|
|
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
|
|
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
|
|
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
|
|
.colist>table tr>td:first-of-type{padding:.4em .75em 0 .75em;line-height:1;vertical-align:top}
|
|
.colist>table tr>td:first-of-type img{max-width:initial}
|
|
.colist>table tr>td:last-of-type{padding:.25em 0}
|
|
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
|
|
.imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0}
|
|
.imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em}
|
|
.imageblock>.title{margin-bottom:0}
|
|
.imageblock.thumb,.imageblock.th{border-width:6px}
|
|
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
|
|
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
|
|
.image.left{margin-right:.625em}
|
|
.image.right{margin-left:.625em}
|
|
a.image{text-decoration:none;display:inline-block}
|
|
a.image object{pointer-events:none}
|
|
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
|
|
sup.footnote a,sup.footnoteref a{text-decoration:none}
|
|
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
|
|
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
|
|
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em 0;border-width:1px 0 0 0}
|
|
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;text-indent:-1.05em;margin-bottom:.2em}
|
|
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none}
|
|
#footnotes .footnote:last-of-type{margin-bottom:0}
|
|
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
|
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
|
|
.gist .file-data>table td.line-data{width:99%}
|
|
div.unbreakable{page-break-inside:avoid}
|
|
.big{font-size:larger}
|
|
.small{font-size:smaller}
|
|
.underline{text-decoration:underline}
|
|
.overline{text-decoration:overline}
|
|
.line-through{text-decoration:line-through}
|
|
.aqua{color:#00bfbf}
|
|
.aqua-background{background-color:#00fafa}
|
|
.black{color:#000}
|
|
.black-background{background-color:#000}
|
|
.blue{color:#0000bf}
|
|
.blue-background{background-color:#0000fa}
|
|
.fuchsia{color:#bf00bf}
|
|
.fuchsia-background{background-color:#fa00fa}
|
|
.gray{color:#606060}
|
|
.gray-background{background-color:#7d7d7d}
|
|
.green{color:#006000}
|
|
.green-background{background-color:#007d00}
|
|
.lime{color:#00bf00}
|
|
.lime-background{background-color:#00fa00}
|
|
.maroon{color:#600000}
|
|
.maroon-background{background-color:#7d0000}
|
|
.navy{color:#000060}
|
|
.navy-background{background-color:#00007d}
|
|
.olive{color:#606000}
|
|
.olive-background{background-color:#7d7d00}
|
|
.purple{color:#600060}
|
|
.purple-background{background-color:#7d007d}
|
|
.red{color:#bf0000}
|
|
.red-background{background-color:#fa0000}
|
|
.silver{color:#909090}
|
|
.silver-background{background-color:#bcbcbc}
|
|
.teal{color:#006060}
|
|
.teal-background{background-color:#007d7d}
|
|
.white{color:#bfbfbf}
|
|
.white-background{background-color:#fafafa}
|
|
.yellow{color:#bfbf00}
|
|
.yellow-background{background-color:#fafa00}
|
|
span.icon>.fa{cursor:default}
|
|
a span.icon>.fa{cursor:inherit}
|
|
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
|
|
.admonitionblock td.icon .icon-note:before{content:"\f05a";color:#19407c}
|
|
.admonitionblock td.icon .icon-tip:before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
|
|
.admonitionblock td.icon .icon-warning:before{content:"\f071";color:#bf6900}
|
|
.admonitionblock td.icon .icon-caution:before{content:"\f06d";color:#bf3400}
|
|
.admonitionblock td.icon .icon-important:before{content:"\f06a";color:#bf0000}
|
|
.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
|
.conum[data-value] *{color:#fff!important}
|
|
.conum[data-value]+b{display:none}
|
|
.conum[data-value]:after{content:attr(data-value)}
|
|
pre .conum[data-value]{position:relative;top:-.125em}
|
|
b.conum *{color:inherit!important}
|
|
.conum:not([data-value]):empty{display:none}
|
|
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
|
|
h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
|
|
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
|
|
p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
|
|
p{margin-bottom:1.25rem}
|
|
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
|
|
.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
|
.print-only{display:none!important}
|
|
@media print{@page{margin:1.25cm .75cm}
|
|
*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
|
|
a{color:inherit!important;text-decoration:underline!important}
|
|
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
|
|
a[href^="http:"]:not(.bare):after,a[href^="https:"]:not(.bare):after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
|
|
abbr[title]:after{content:" (" attr(title) ")"}
|
|
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
|
|
thead{display:table-header-group}
|
|
svg{max-width:100%}
|
|
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
|
|
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
|
|
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
|
|
#toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important}
|
|
.sect1{padding-bottom:0!important}
|
|
.sect1+.sect1{border:0!important}
|
|
#header>h1:first-child{margin-top:1.25rem}
|
|
body.book #header{text-align:center}
|
|
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em 0}
|
|
body.book #header .details{border:0!important;display:block;padding:0!important}
|
|
body.book #header .details span:first-child{margin-left:0!important}
|
|
body.book #header .details br{display:block}
|
|
body.book #header .details br+span:before{content:none!important}
|
|
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
|
|
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
|
|
.listingblock code[data-lang]:before{display:block}
|
|
#footer{background:none!important;padding:0 .9375em}
|
|
#footer-text{color:rgba(0,0,0,.6)!important;font-size:.9em}
|
|
.hide-on-print{display:none!important}
|
|
.print-only{display:block!important}
|
|
.hide-for-print{display:none!important}
|
|
.show-for-print{display:inherit!important}}
|
|
</style>
|
|
<!-- Third-party stylesheet loaded from cdnjs without an integrity attribute, so the browser
     applies whatever the CDN serves. To pin it, add integrity="sha384-HASH_PLACEHOLDER"
     (hash computed from a vetted copy of this exact file) together with
     crossorigin="anonymous", or serve a self-hosted copy instead. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css">
|
|
</head>
|
|
<body class="article toc2 toc-right">
|
|
<div id="header">
|
|
<h1>MISP Objects</h1>
|
|
<div id="toc" class="toc2">
|
|
<div id="toctitle">MISP Objects</div>
|
|
<ul class="sectlevel1">
|
|
<li><a href="#_ail_leak">ail-leak</a></li>
|
|
<li><a href="#_cookie">cookie</a></li>
|
|
<li><a href="#_credit_card">credit-card</a></li>
|
|
<li><a href="#_ddos">ddos</a></li>
|
|
<li><a href="#_domain_ip">domain|ip</a></li>
|
|
<li><a href="#_elf">elf</a></li>
|
|
<li><a href="#_elf_section">elf-section</a></li>
|
|
<li><a href="#_email">email</a></li>
|
|
<li><a href="#_file">file</a></li>
|
|
<li><a href="#_geolocation">geolocation</a></li>
|
|
<li><a href="#_http_request">http-request</a></li>
|
|
<li><a href="#_ip_port">ip|port</a></li>
|
|
<li><a href="#_ja3">ja3</a></li>
|
|
<li><a href="#_macho">macho</a></li>
|
|
<li><a href="#_macho_section">macho-section</a></li>
|
|
<li><a href="#_microblog">microblog</a></li>
|
|
<li><a href="#_passive_dns">passive-dns</a></li>
|
|
<li><a href="#_paste">paste</a></li>
|
|
<li><a href="#_pe">pe</a></li>
|
|
<li><a href="#_pe_section">pe-section</a></li>
|
|
<li><a href="#_person">person</a></li>
|
|
<li><a href="#_phone">phone</a></li>
|
|
<li><a href="#_r2graphity">r2graphity</a></li>
|
|
<li><a href="#_regexp">regexp</a></li>
|
|
<li><a href="#_registry_key">registry-key</a></li>
|
|
<li><a href="#_tor_node">tor-node</a></li>
|
|
<li><a href="#_url">url</a></li>
|
|
<li><a href="#_victim">victim</a></li>
|
|
<li><a href="#_vulnerability">vulnerability</a></li>
|
|
<li><a href="#_whois">whois</a></li>
|
|
<li><a href="#_x509">x509</a></li>
|
|
<li><a href="#_yabin">yabin</a></li>
|
|
<li><a href="#_relationships">Relationships</a></li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div id="content">
|
|
<div id="preamble">
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Generated from <a href="https://github.com/MISP/misp-objects" class="bare">https://github.com/MISP/misp-objects</a>.</p>
|
|
</div>
|
|
<div class="imageblock">
|
|
<div class="content">
|
|
<img src="https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/misp-logo.png" alt="MISP logo">
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>MISP objects are to be used in the MISP (2.4.80) system and can be used by other information sharing tools. MISP objects are an addition to MISP attributes to allow advanced combinations of attributes. The creation of these objects and their associated attributes is based on real cyber security use-cases and existing practices in information sharing.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_ail_leak"><a class="anchor" href="#_ail_leak"></a><a class="link" href="#_ail_leak">ail-leak</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An information leak as defined by the AIL (Analysis Information Leak) framework.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
ail-leak is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ail-leak/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of information leak as discovered and classified by an AIL module. ['Credential', 'CreditCards', 'Mail', 'Onion', 'Phone', 'Keys']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">original-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_cookie"><a class="anchor" href="#_cookie"></a><a class="link" href="#_cookie">cookie</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with the next request to the same server. Typically, it’s used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol (as defined by the Mozilla Foundation).</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
cookie is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cookie/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of cookie and how it’s used in this specific object. ['Session management', 'Personalization', 'Tracking', 'Exfiltration', 'Malicious Payload', 'Beaconing']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie-value</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_credit_card"><a class="anchor" href="#_credit_card"></a><a class="link" href="#_credit_card">credit-card</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>A payment card such as a credit card, debit card or any similar card which can be used for financial transactions.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
credit-card is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/credit-card/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">expiration</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">issued</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">card-security-code</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cc-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cc-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_ddos"><a class="anchor" href="#_ddos"></a><a class="link" href="#_ddos">ddos</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>The DDoS object describes a current DDoS activity from a specific source and/or to a specific target. The type of DDoS can be attached to the object as a taxonomy.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
ddos is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ddos/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">total-bps</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">total-pps</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">protocol</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_domain_ip"><a class="anchor" href="#_domain_ip"></a><a class="link" href="#_domain_ip">domain|ip</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>A domain and IP address seen as a tuple in a specific time frame.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
domain|ip is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/domain|ip/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_elf"><a class="anchor" href="#_elf"></a><a class="link" href="#_elf">elf</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing an Executable and Linkable Format (ELF) file.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
elf is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/elf/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">arch</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">os_abi</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Header operating system application binary interface (ABI) ['AIX', 'ARM', 'AROS', 'C6000_ELFABI', 'C6000_LINUX', 'CLOUDABI', 'FENIXOS', 'FREEBSD', 'GNU', 'HPUX', 'HURD', 'IRIX', 'MODESTO', 'NETBSD', 'NSK', 'OPENBSD', 'OPENVMS', 'SOLARIS', 'STANDALONE', 'SYSTEMV', 'TRU64']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_elf_section"><a class="anchor" href="#_elf_section"></a><a class="link" href="#_elf_section">elf-section</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing a section of an Executable and Linkable Format (ELF) file.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
elf-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/elf-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">flag</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_email"><a class="anchor" href="#_email"></a><a class="link" href="#_email">email</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Email object describing an email with meta-information.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
email is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/email/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reply-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-reply-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">subject</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-subject</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">message-id</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-message-id</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">thread-index</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-thread-index</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">to-display-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst-display-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">return-path</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">header</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-header</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cc</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">send-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">from</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-attachment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">from-display-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-src-display-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">x-mailer</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-x-mailer</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">mime-boundary</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">email-mime-boundary</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_file"><a class="anchor" href="#_file"></a><a class="link" href="#_file">file</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
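<p>File object describing a file with meta-information. The object can carry several digests of the same file; md5 and sha1 are not collision-resistant, so prefer sha256 or a stronger digest when a hash is used to identify a file uniquely.</p>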
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
file is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/file/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pattern-in-file</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pattern-in-file</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">malware-sample</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">malware-sample</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">mimetype</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">authentihash</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">authentihash</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">tlsh</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">tlsh</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_geolocation"><a class="anchor" href="#_geolocation"></a><a class="link" href="#_geolocation">geolocation</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An object to describe a geographic location.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
geolocation is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/geolocation/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">longitude</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">latitude</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">region</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">altitude</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">city</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">country</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_http_request"><a class="anchor" href="#_http_request"></a><a class="link" href="#_http_request">http-request</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>A single HTTP request header.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
http-request is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/http-request/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">proxy-user</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">content-type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">other</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">basicauth-password</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">host</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">user-agent</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">user-agent</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">proxy-password</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">uri</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">uri</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">basicauth-user</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">referer</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">referer</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">method</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">http-method</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_ip_port"><a class="anchor" href="#_ip_port"></a><a class="link" href="#_ip_port">ip|port</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An IP address and a port seen as a tuple (or as a triple) in a specific time frame.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
ip|port is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ip|port/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_ja3"><a class="anchor" href="#_ja3"></a><a class="link" href="#_ja3">ja3</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. A fingerprint is built from the following fields of the Client Hello packet: SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. In this object the fingerprint is stored as an MD5 hash in the ja3-fingerprint-md5 attribute. See <a href="https://github.com/salesforce/ja3" class="bare">https://github.com/salesforce/ja3</a>.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
ja3 is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ja3/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ja3-fingerprint-md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_macho"><a class="anchor" href="#_macho"></a><a class="link" href="#_macho">macho</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing a file in Mach-O format.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
macho is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/macho/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_macho_section"><a class="anchor" href="#_macho_section"></a><a class="link" href="#_macho_section">macho-section</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing a section of a file in Mach-O format.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
macho-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/macho-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_microblog"><a class="anchor" href="#_microblog"></a><a class="link" href="#_microblog">microblog</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Microblog post, such as a Twitter tweet or a post on a Facebook wall.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
microblog is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/microblog/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">removal-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">post</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">username-quoted</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">modification-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_passive_dns"><a class="anchor" href="#_passive_dns"></a><a class="link" href="#_passive_dns">passive-dns</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
passive-dns is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/passive-dns/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">zone_time_last</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">rrtype</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Resource Record type as seen by the passive DNS ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">rrname</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">time_last</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">time_first</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor_id</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">rdata</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">bailiwick</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">zone_time_first</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">count</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_paste"><a class="anchor" href="#_paste"></a><a class="link" href="#_paste">paste</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Paste or similar post from a website that allows posts to be shared privately or publicly.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
paste is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/paste/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">title</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">paste</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_pe"><a class="anchor" href="#_pe"></a><a class="link" href="#_pe">pe</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing a Portable Executable.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
pe is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/pe/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">legal-copyright</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">file-version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pehash</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pehash</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">original-filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-section-at-position</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">lang-id</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">product-version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of PE ['exe', 'dll', 'driver', 'unknown']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">company-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">imphash</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">imphash</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">product-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">impfuzzy</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">impfuzzy</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">compilation-timestamp</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">file-description</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">internal-filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_pe_section"><a class="anchor" href="#_pe_section"></a><a class="link" href="#_pe_section">pe-section</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Object describing a section of a Portable Executable.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
pe-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/pe-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">characteristic</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Characteristic of the section ['read', 'write', 'executable']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Name of the section ['.rsrc', '.reloc', '.rdata', '.data', '.text']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_person"><a class="anchor" href="#_person"></a><a class="link" href="#_person">person</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An object which describes a person or an identity.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
person is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/person/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-country</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-country</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">redress-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">redress-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">place-of-birth</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">place-of-birth</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-expiration</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-expiration</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">gender</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">gender</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">date-of-birth</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">date-of-birth</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">middle-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">middle-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_phone"><a class="anchor" href="#_phone"></a><a class="link" href="#_phone">phone</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>A phone or mobile phone object which describes a phone.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
phone is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/phone/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">msisdn</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">tmsi</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">serial-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">gummei</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">imei</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">guti</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">imsi</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_r2graphity"><a class="anchor" href="#_r2graphity"></a><a class="link" href="#_r2graphity">r2graphity</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Indicators extracted from files using radare2 and graphml.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
r2graphity is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/r2graphity/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">referenced-strings</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">r2-commit-version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">callback-largest</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">unknown-references</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">miss-api</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-api</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">shortest-path-to-create-thread</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">create-thread</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">memory-allocations</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">callback-average</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-string</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">callbacks</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">not-referenced-strings</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">refsglobalvar</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">gml</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">get-proc-address</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-functions</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">total-functions</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">total-api</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">local-references</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">dangling-strings</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_regexp"><a class="anchor" href="#_regexp"></a><a class="link" href="#_regexp">regexp</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how that attribute or object can be represented as a regular expression.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
regexp is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/regexp/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">regexp-type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">regexp</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_registry_key"><a class="anchor" href="#_registry_key"></a><a class="link" href="#_registry_key">registry-key</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Registry key object describing a Windows registry key with value and last-modified timestamp.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
registry-key is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/registry-key/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">data-type</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reg-datatype</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Registry value type ['REG_NONE', 'REG_SZ', 'REG_EXPAND_SZ', 'REG_BINARY', 'REG_DWORD', 'REG_DWORD_LITTLE_ENDIAN', 'REG_DWORD_BIG_ENDIAN', 'REG_LINK', 'REG_MULTI_SZ', 'REG_RESOURCE_LIST', 'REG_FULL_RESOURCE_DESCRIPTOR', 'REG_RESOURCE_REQUIREMENTS_LIST', 'REG_QWORD', 'REG_QWORD_LITTLE_ENDIAN']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">hive</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reg-hive</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">key</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reg-key</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">data</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reg-data</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-modified</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">reg-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_tor_node"><a class="anchor" href="#_tor_node"></a><a class="link" href="#_tor_node">tor-node</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Description of a Tor node (Tor protects your privacy on the internet by hiding the connection between a user's Internet address and the services that user uses) that is part of the Tor network at a given time.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
tor-node is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/tor-node/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">version_line</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">flags</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">nickname</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">address</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">published</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">fingerprint</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">document</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_url"><a class="anchor" href="#_url"></a><a class="link" href="#_url">url</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>The url object describes a URL along with its normalized fields (such as those extracted using the faup parsing library) and its metadata.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
url is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/url/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">resource_path</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">host</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">tld</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">subdomain</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain_without_tld</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">scheme</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>Scheme ['http', 'https', 'ftp', 'gopher', 'sip']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">credential</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">query_string</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">fragment</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_victim"><a class="anchor" href="#_victim"></a><a class="link" href="#_victim">victim</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Victim object describes the target of an attack or abuse.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
victim is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/victim/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sectors</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>The list of sectors that the victim belongs to ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial-services', 'government-national', 'government-regional', 'government-local', 'government-public-services', 'healthcare', 'hospitality-leisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non-profit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">roles</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">classification</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p>The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']</p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">regions</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_vulnerability"><a class="anchor" href="#_vulnerability"></a><a class="link" href="#_vulnerability">vulnerability</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Vulnerability object describing common vulnerability enumeration.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
vulnerability is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/vulnerability/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">references</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerable_configuration</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">published</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">modified</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">id</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerability</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">summary</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_whois"><a class="anchor" href="#_whois"></a><a class="link" href="#_whois">whois</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Whois records information for a domain name.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
whois is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/whois/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-name</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-email</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-email</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">registar</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrar</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">modification-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">expiration-date</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-phone</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-phone</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_x509"><a class="anchor" href="#_x509"></a><a class="link" href="#_x509">x509</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>x509 object describing an X.509 certificate.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
x509 is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/x509/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">issuer</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">subject</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-size</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-algorithm</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">validity-not-before</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-modulus</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-exponent</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">serial-number</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">raw-base64</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">validity-not-after</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_yabin"><a class="anchor" href="#_yabin"></a><a class="link" href="#_yabin">yabin</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: <a href="https://github.com/AlienVault-OTX/yabin" class="bare">https://github.com/AlienVault-OTX/yabin</a>.</p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
yabin is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/yabin/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
<col style="width: 25%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Object attribute</th>
|
|
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">yara-hunt</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">whitelist</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
<td class="tableblock halign-left valign-top"><div><div class="paragraph">
|
|
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
|
</div></div></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_relationships"><a class="anchor" href="#_relationships"></a><a class="link" href="#_relationships">Relationships</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>Default types of relationships in MISP objects.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>Relationships are part of MISP objects and are available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/relationships/definition.json">this location</a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.</p>
|
|
</div>
|
|
<table class="tableblock frame-all grid-all spread">
|
|
<colgroup>
|
|
<col style="width: 33.3333%;">
|
|
<col style="width: 33.3333%;">
|
|
<col style="width: 33.3334%;">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tableblock halign-left valign-top">Name of relationship</th>
|
|
<th class="tableblock halign-left valign-top">Description</th>
|
|
<th class="tableblock halign-left valign-top">Format</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">derived-from</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">The information in the target object is based on information from the source object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">duplicate-of</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source and target objects are semantically duplicates of each other.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">related-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is related to the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">attributed-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is attributed to the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">targets</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes that the source object targets the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">uses</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the use by the source object of the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">indicates</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes that the source object indicates the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">mitigates</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which mitigates the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">variant-of</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which is a variant of the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">impersonates</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which impersonates the target object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">authored-by</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the author of a specific object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">located</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the location (of any type) of a specific object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">included-in</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object included in another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">analysed-with</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object analysed by another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">claimed-by</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object claimed by another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">communicates-with</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object communicating with another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">dropped-by</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object dropped by another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">executed-by</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object executed by another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">affects</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object affected by another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">beacons-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object beaconing to another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">abuses</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which abuses another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">exfiltrates-to</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object exfiltrating to another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">identifies</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which identifies another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">intercepts</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which intercepts another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">calls</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which calls another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">detected-as</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is detected as another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">triggers</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which triggers another object.</p></td>
|
|
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="footer">
|
|
<div id="footer-text">
|
|
Last updated 2017-10-06 08:25:06 CEST
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |