mirror of https://github.com/MISP/misp-website
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 1.5.7.1">
<title>MISP Objects</title>
<!-- NOTE(review): this stylesheet is requested from fonts.googleapis.com, a third-party origin, whenever the page loads. A Content-Security-Policy for this page has to allow that origin, and the third party sees each visitor's request. Serving the font CSS and files from the site's own origin removes the dependency. -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
<style>
/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
/* Uncomment @import statement below to use as custom stylesheet */
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
audio,canvas,video{display:inline-block}
audio:not([controls]){display:none;height:0}
script{display:none!important}
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
a{background:transparent}
a:focus{outline:thin dotted}
a:active,a:hover{outline:0}
h1{font-size:2em;margin:.67em 0}
abbr[title]{border-bottom:1px dotted}
b,strong{font-weight:bold}
dfn{font-style:italic}
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
mark{background:#ff0;color:#000}
code,kbd,pre,samp{font-family:monospace;font-size:1em}
pre{white-space:pre-wrap}
q{quotes:"\201C" "\201D" "\2018" "\2019"}
small{font-size:80%}
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
sup{top:-.5em}
sub{bottom:-.25em}
img{border:0}
svg:not(:root){overflow:hidden}
figure{margin:0}
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
legend{border:0;padding:0}
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
button,input{line-height:normal}
button,select{text-transform:none}
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
button[disabled],html input[disabled]{cursor:default}
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
textarea{overflow:auto;vertical-align:top}
table{border-collapse:collapse;border-spacing:0}
*,*::before,*::after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
html,body{font-size:100%}
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
a:hover{cursor:pointer}
img,object,embed{max-width:100%;height:auto}
object,embed{height:100%}
img{-ms-interpolation-mode:bicubic}
.left{float:left!important}
.right{float:right!important}
.text-left{text-align:left!important}
.text-right{text-align:right!important}
.text-center{text-align:center!important}
.text-justify{text-align:justify!important}
.hide{display:none}
img,object,svg{display:inline-block;vertical-align:middle}
textarea{height:auto;min-height:50px}
select{width:100%}
.center{margin-left:auto;margin-right:auto}
.stretch{width:100%}
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
a{color:#2156a5;text-decoration:underline;line-height:inherit}
a:hover,a:focus{color:#1d4b8f}
a img{border:none}
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
p aside{font-size:.875em;line-height:1.35;font-style:italic}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
h1{font-size:2.125em}
h2{font-size:1.6875em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
h4,h5{font-size:1.125em}
h6{font-size:1em}
hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
em,i{font-style:italic;line-height:inherit}
strong,b{font-weight:bold;line-height:inherit}
small{font-size:60%;line-height:inherit}
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
ul,ol{margin-left:1.5em}
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
ul.square{list-style-type:square}
ul.circle{list-style-type:circle}
ul.disc{list-style-type:disc}
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
dl dt{margin-bottom:.3125em;font-weight:bold}
dl dd{margin-bottom:1.25em}
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
abbr{text-transform:none}
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
blockquote cite::before{content:"\2014 \0020"}
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
h1{font-size:2.75em}
h2{font-size:2.3125em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
h4{font-size:1.4375em}}
table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
table thead,table tfoot{background:#f7f8f7}
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
.clearfix::after,.float-group::after{clear:both}
*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word}
*:not(pre)>code.nobreak{word-wrap:normal}
*:not(pre)>code.nowrap{white-space:nowrap}
pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
em em{font-style:normal}
strong strong{font-weight:400}
.keyseq{color:rgba(51,51,51,.8)}
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
.keyseq kbd:first-child{margin-left:0}
.keyseq kbd:last-child{margin-right:0}
.menuseq,.menuref{color:#000}
.menuseq b:not(.caret),.menuref{font-weight:inherit}
.menuseq{word-spacing:-.02em}
.menuseq b.caret{font-size:1.25em;line-height:.8}
.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
b.button::before{content:"[";padding:0 3px 0 2px}
b.button::after{content:"]";padding:0 2px 0 3px}
p a>code:hover{color:rgba(0,0,0,.9)}
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
#content{margin-top:1.25em}
#content::before{content:none}
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8}
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px}
#header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
#header .details span:first-child{margin-left:-.125em}
#header .details span.email a{color:rgba(0,0,0,.85)}
#header .details br{display:none}
#header .details br+span::before{content:"\00a0\2013\00a0"}
#header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
#header .details br+span#revremark::before{content:"\00a0|\00a0"}
#header #revnumber{text-transform:capitalize}
#header #revnumber::after{content:"\00a0"}
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
#toc{border-bottom:1px solid #efefed;padding-bottom:.5em}
#toc>ul{margin-left:.125em}
#toc ul.sectlevel0>li>a{font-style:italic}
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
#toc li{line-height:1.3334;margin-top:.3334em}
#toc a{text-decoration:none}
#toc a:active{text-decoration:underline}
#toctitle{color:#7a2518;font-size:1.2em}
@media screen and (min-width:768px){#toctitle{font-size:1.375em}
body.toc2{padding-left:15em;padding-right:0}
#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
body.toc2.toc-right{padding-left:0;padding-right:15em}
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}
@media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
#toc.toc2{width:20em}
#toc.toc2 #toctitle{font-size:1.375em}
#toc.toc2>ul{font-size:.95em}
#toc.toc2 ul ul{padding-left:1.25em}
body.toc2.toc-right{padding-left:0;padding-right:20em}}
#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
#content #toc>:first-child{margin-top:0}
#content #toc>:last-child{margin-bottom:0}
#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
#content{margin-bottom:.625em}
.sect1{padding-bottom:.625em}
@media screen and (min-width:768px){#content{margin-bottom:1.25em}
.sect1{padding-bottom:1.25em}}
.sect1:last-child{padding-bottom:0}
.sect1+.sect1{border-top:1px solid #efefed}
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
.paragraph.lead>p,#preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
table.tableblock #preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:inherit}
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
.admonitionblock>table td.icon{text-align:center;width:80px}
.admonitionblock>table td.icon img{max-width:none}
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)}
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
.exampleblock>.content>:first-child{margin-top:0}
.exampleblock>.content>:last-child{margin-bottom:0}
.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
.sidebarblock>:first-child{margin-top:0}
.sidebarblock>:last-child{margin-bottom:0}
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em}
.literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal}
@media screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}
@media screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}
.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
.listingblock pre.highlightjs{padding:0}
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
.listingblock pre.prettyprint{border-width:0}
.listingblock>.content{position:relative}
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
.listingblock:hover code[data-lang]::before{display:block}
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:#999}
.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0;line-height:1.45}
table.pyhltable td.code{padding-left:.75em;padding-right:0}
pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8}
pre.pygments .lineno{display:inline-block;margin-right:.25em}
table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
.quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
.quoteblock blockquote{margin:0;padding:0;border:0}
.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
.quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right}
.quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)}
.quoteblock .quoteblock blockquote{padding:0 0 0 .75em}
.quoteblock .quoteblock blockquote::before{display:none}
.verseblock{margin:0 1em 1.25em}
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
.verseblock pre strong{font-weight:400}
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
.quoteblock .attribution br,.verseblock .attribution br{display:none}
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
.quoteblock.abstract{margin:0 1em 1.25em;display:block}
.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
.quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{word-spacing:0;line-height:1.6}
.quoteblock.abstract blockquote::before,.quoteblock.abstract p::before{display:none}
table.tableblock{max-width:100%;border-collapse:separate}
p.tableblock:last-child{margin-bottom:0}
td.tableblock>.content{margin-bottom:-1.25em}
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
table.grid-all>thead>tr>.tableblock,table.grid-all>tbody>tr>.tableblock{border-width:0 1px 1px 0}
table.grid-all>tfoot>tr>.tableblock{border-width:1px 1px 0 0}
table.grid-cols>*>tr>.tableblock{border-width:0 1px 0 0}
table.grid-rows>thead>tr>.tableblock,table.grid-rows>tbody>tr>.tableblock{border-width:0 0 1px}
table.grid-rows>tfoot>tr>.tableblock{border-width:1px 0 0}
table.grid-all>*>tr>.tableblock:last-child,table.grid-cols>*>tr>.tableblock:last-child{border-right-width:0}
table.grid-all>tbody>tr:last-child>.tableblock,table.grid-all>thead:last-child>tr>.tableblock,table.grid-rows>tbody>tr:last-child>.tableblock,table.grid-rows>thead:last-child>tr>.tableblock{border-bottom-width:0}
table.frame-all{border-width:1px}
table.frame-sides{border-width:0 1px}
table.frame-topbot,table.frame-ends{border-width:1px 0}
table.stripes-all tr,table.stripes-odd tr:nth-of-type(odd){background:#f8f8f7}
table.stripes-none tr,table.stripes-odd tr:nth-of-type(even){background:none}
th.halign-left,td.halign-left{text-align:left}
th.halign-right,td.halign-right{text-align:right}
th.halign-center,td.halign-center{text-align:center}
th.valign-top,td.valign-top{vertical-align:top}
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
th.valign-middle,td.valign-middle{vertical-align:middle}
table thead th,table tfoot th{font-weight:bold}
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
p.tableblock>code:only-child{background:none;padding:0}
p.tableblock{font-size:1em}
td>div.verse{white-space:pre}
ol{margin-left:1.75em}
ul li ol{margin-left:1.5em}
dl dd{margin-left:1.125em}
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
ul.unstyled,ol.unstyled{margin-left:0}
ul.checklist{margin-left:.625em}
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{margin-right:.25em}
ul.inline{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
ul.inline>li{margin-left:1.25em}
.unstyled dl dt{font-weight:400;font-style:normal}
ol.arabic{list-style-type:decimal}
ol.decimal{list-style-type:decimal-leading-zero}
ol.loweralpha{list-style-type:lower-alpha}
ol.upperalpha{list-style-type:upper-alpha}
ol.lowerroman{list-style-type:lower-roman}
ol.upperroman{list-style-type:upper-roman}
ol.lowergreek{list-style-type:lower-greek}
.hdlist>table,.colist>table{border:0;background:none}
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
.colist td:not([class]):first-child img{max-width:none}
.colist td:not([class]):last-child{padding:.25em 0}
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
.imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0}
.imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em}
.imageblock>.title{margin-bottom:0}
.imageblock.thumb,.imageblock.th{border-width:6px}
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
.image.left{margin-right:.625em}
.image.right{margin-left:.625em}
a.image{text-decoration:none;display:inline-block}
a.image object{pointer-events:none}
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
sup.footnote a,sup.footnoteref a{text-decoration:none}
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0}
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em}
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
#footnotes .footnote:last-of-type{margin-bottom:0}
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
.gist .file-data>table td.line-data{width:99%}
div.unbreakable{page-break-inside:avoid}
.big{font-size:larger}
.small{font-size:smaller}
.underline{text-decoration:underline}
.overline{text-decoration:overline}
.line-through{text-decoration:line-through}
.aqua{color:#00bfbf}
.aqua-background{background-color:#00fafa}
.black{color:#000}
.black-background{background-color:#000}
.blue{color:#0000bf}
.blue-background{background-color:#0000fa}
.fuchsia{color:#bf00bf}
.fuchsia-background{background-color:#fa00fa}
.gray{color:#606060}
.gray-background{background-color:#7d7d7d}
.green{color:#006000}
.green-background{background-color:#007d00}
.lime{color:#00bf00}
.lime-background{background-color:#00fa00}
.maroon{color:#600000}
.maroon-background{background-color:#7d0000}
.navy{color:#000060}
.navy-background{background-color:#00007d}
.olive{color:#606000}
.olive-background{background-color:#7d7d00}
.purple{color:#600060}
.purple-background{background-color:#7d007d}
.red{color:#bf0000}
.red-background{background-color:#fa0000}
.silver{color:#909090}
.silver-background{background-color:#bcbcbc}
.teal{color:#006060}
.teal-background{background-color:#007d7d}
.white{color:#bfbfbf}
.white-background{background-color:#fafafa}
.yellow{color:#bfbf00}
.yellow-background{background-color:#fafa00}
span.icon>.fa{cursor:default}
a span.icon>.fa{cursor:inherit}
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
.admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c}
.admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
.conum[data-value] *{color:#fff!important}
.conum[data-value]+b{display:none}
.conum[data-value]::after{content:attr(data-value)}
pre .conum[data-value]{position:relative;top:-.125em}
b.conum *{color:inherit!important}
.conum:not([data-value]):empty{display:none}
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
p{margin-bottom:1.25rem}
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
.print-only{display:none!important}
@page{margin:1.25cm .75cm}
@media print{*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
html{font-size:80%}
a{color:inherit!important;text-decoration:underline!important}
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
abbr[title]::after{content:" (" attr(title) ")"}
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
thead{display:table-header-group}
svg{max-width:100%}
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
#toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important}
body.book #header{text-align:center}
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em}
body.book #header .details{border:0!important;display:block;padding:0!important}
body.book #header .details span:first-child{margin-left:0!important}
body.book #header .details br{display:block}
body.book #header .details br+span::before{content:none!important}
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
.listingblock code[data-lang]::before{display:block}
#footer{padding:0 .9375em}
|
||
.hide-on-print{display:none!important}
|
||
.print-only{display:block!important}
|
||
.hide-for-print{display:none!important}
|
||
.show-for-print{display:inherit!important}}
|
||
@media print,amzn-kf8{#header>h1:first-child{margin-top:1.25rem}
|
||
.sect1{padding:0!important}
|
||
.sect1+.sect1{border:0}
|
||
#footer{background:none}
|
||
#footer-text{color:rgba(0,0,0,.6);font-size:.9em}}
|
||
@media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}}
|
||
</style>
|
||
<!-- NOTE(review): this stylesheet is fetched from a third-party CDN without Subresource Integrity, so the page trusts whatever the CDN serves at this URL. Pin it with integrity="sha384-HASH_PLACEHOLDER" (computed from the reviewed 4.7.0 file) plus crossorigin="anonymous", or self-host the asset. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
|
||
</head>
|
||
<body class="article toc2 toc-right">
|
||
<div id="header">
|
||
<h1>MISP Objects</h1>
|
||
<div id="toc" class="toc2">
|
||
<div id="toctitle">MISP Objects</div>
|
||
<ul class="sectlevel0">
|
||
<li><a href="#_introduction">Introduction</a>
|
||
<ul class="sectlevel1">
|
||
<li><a href="#_funding_and_support">Funding and Support</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#_misp_objects">MISP objects</a>
|
||
<ul class="sectlevel1">
|
||
<li><a href="#_ail_leak">ail-leak</a></li>
|
||
<li><a href="#_ais_info">ais-info</a></li>
|
||
<li><a href="#_android_permission">android-permission</a></li>
|
||
<li><a href="#_annotation">annotation</a></li>
|
||
<li><a href="#_asn">asn</a></li>
|
||
<li><a href="#_av_signature">av-signature</a></li>
|
||
<li><a href="#_bank_account">bank-account</a></li>
|
||
<li><a href="#_cap_alert">cap-alert</a></li>
|
||
<li><a href="#_cap_info">cap-info</a></li>
|
||
<li><a href="#_cap_resource">cap-resource</a></li>
|
||
<li><a href="#_coin_address">coin-address</a></li>
|
||
<li><a href="#_cookie">cookie</a></li>
|
||
<li><a href="#_course_of_action">course-of-action</a></li>
|
||
<li><a href="#_cowrie">cowrie</a></li>
|
||
<li><a href="#_credential">credential</a></li>
|
||
<li><a href="#_credit_card">credit-card</a></li>
|
||
<li><a href="#_ddos">ddos</a></li>
|
||
<li><a href="#_diameter_attack">diameter-attack</a></li>
|
||
<li><a href="#_domain_ip">domain-ip</a></li>
|
||
<li><a href="#_elf">elf</a></li>
|
||
<li><a href="#_elf_section">elf-section</a></li>
|
||
<li><a href="#_email">email</a></li>
|
||
<li><a href="#_fail2ban">fail2ban</a></li>
|
||
<li><a href="#_file">file</a></li>
|
||
<li><a href="#_geolocation">geolocation</a></li>
|
||
<li><a href="#_gtp_attack">gtp-attack</a></li>
|
||
<li><a href="#_http_request">http-request</a></li>
|
||
<li><a href="#_ip_port">ip-port</a></li>
|
||
<li><a href="#_ja3">ja3</a></li>
|
||
<li><a href="#_legal_entity">legal-entity</a></li>
|
||
<li><a href="#_macho">macho</a></li>
|
||
<li><a href="#_macho_section">macho-section</a></li>
|
||
<li><a href="#_microblog">microblog</a></li>
|
||
<li><a href="#_mutex">mutex</a></li>
|
||
<li><a href="#_netflow">netflow</a></li>
|
||
<li><a href="#_network_connection">network-connection</a></li>
|
||
<li><a href="#_network_socket">network-socket</a></li>
|
||
<li><a href="#_passive_dns">passive-dns</a></li>
|
||
<li><a href="#_paste">paste</a></li>
|
||
<li><a href="#_pe">pe</a></li>
|
||
<li><a href="#_pe_section">pe-section</a></li>
|
||
<li><a href="#_person">person</a></li>
|
||
<li><a href="#_phone">phone</a></li>
|
||
<li><a href="#_process">process</a></li>
|
||
<li><a href="#_r2graphity">r2graphity</a></li>
|
||
<li><a href="#_regexp">regexp</a></li>
|
||
<li><a href="#_registry_key">registry-key</a></li>
|
||
<li><a href="#_report">report</a></li>
|
||
<li><a href="#_rtir">rtir</a></li>
|
||
<li><a href="#_sandbox_report">sandbox-report</a></li>
|
||
<li><a href="#_sb_signature">sb-signature</a></li>
|
||
<li><a href="#_script">script</a></li>
|
||
<li><a href="#_shortened_link">shortened-link</a></li>
|
||
<li><a href="#_ss7_attack">ss7-attack</a></li>
|
||
<li><a href="#_stix2_pattern">stix2-pattern</a></li>
|
||
<li><a href="#_suricata">suricata</a></li>
|
||
<li><a href="#_target_system">target-system</a></li>
|
||
<li><a href="#_timecode">timecode</a></li>
|
||
<li><a href="#_timesketch_timeline">timesketch-timeline</a></li>
|
||
<li><a href="#_timestamp">timestamp</a></li>
|
||
<li><a href="#_tor_node">tor-node</a></li>
|
||
<li><a href="#_transaction">transaction</a></li>
|
||
<li><a href="#_url">url</a></li>
|
||
<li><a href="#_victim">victim</a></li>
|
||
<li><a href="#_virustotal_report">virustotal-report</a></li>
|
||
<li><a href="#_vulnerability">vulnerability</a></li>
|
||
<li><a href="#_whois">whois</a></li>
|
||
<li><a href="#_x509">x509</a></li>
|
||
<li><a href="#_yabin">yabin</a></li>
|
||
<li><a href="#_yara">yara</a></li>
|
||
<li><a href="#_relationships">Relationships</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
<div id="content">
|
||
<h1 id="_introduction" class="sect0"><a class="anchor" href="#_introduction"></a><a class="link" href="#_introduction">Introduction</a></h1>
|
||
<div class="imageblock">
|
||
<div class="content">
|
||
<img src="https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/misp-logo.png" alt="MISP logo">
|
||
</div>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p>The MISP threat sharing platform is free and open source software that helps share threat intelligence, including cyber security indicators, financial fraud or counter-terrorism information. The MISP project includes multiple sub-projects to support the operational requirements of analysts and improve the overall quality of information shared.</p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p>MISP objects are used in the MISP system (starting from version 2.4.80) and can be used by other information sharing tools. MISP objects complement MISP attributes by allowing advanced combinations of attributes. The creation of these objects and their associated attributes is based on real cyber security use-cases and existing practices in information sharing. Objects are shared just like any other attributes in MISP, even if the other MISP instances don’t have the template of the object.
|
||
The following document is generated from the machine-readable JSON describing the <a href="https://github.com/MISP/misp-objects">MISP objects</a>.</p>
|
||
</div>
|
||
<div style="page-break-after: always;"></div>
|
||
<div class="sect1">
|
||
<h2 id="_funding_and_support"><a class="anchor" href="#_funding_and_support"></a><a class="link" href="#_funding_and_support">Funding and Support</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>The MISP project is supported financially and with resources by <a href="https://www.circl.lu/">CIRCL (Computer Incident Response Center Luxembourg)</a>.</p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p><span class="image"><img src="https://www.misp-project.org/assets/images/logo.png" alt="CIRCL logo"></span></p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p>CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security has been granted from 1st September 2017 until 31st August 2019 under the title <strong>Improving MISP as building blocks for next-generation information sharing</strong>.</p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p><span class="image"><img src="https://www.misp-project.org/assets/images/en_cef.png" alt="CEF funding"></span></p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p>If you are interested in co-funding projects around MISP, feel free to get in touch with us.</p>
|
||
</div>
|
||
<div style="page-break-after: always;"></div>
|
||
</div>
|
||
</div>
|
||
<h1 id="_misp_objects" class="sect0"><a class="anchor" href="#_misp_objects"></a><a class="link" href="#_misp_objects">MISP objects</a></h1>
|
||
<div class="sect1">
|
||
<h2 id="_ail_leak"><a class="anchor" href="#_ail_leak"></a><a class="link" href="#_ail_leak">ail-leak</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An information leak as defined by the AIL (Analysis Information Leak) framework.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
ail-leak is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ail-leak/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The AIL sensor uuid where the leak was processed and analysed.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">duplicate</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Duplicate of the existing leaks.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">duplicate_number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Number of known duplicates.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The link where the leak is (or was) accessible at first-seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the leak which could include the potential victim(s) or description of the leak.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">original-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the information available in the leak was created. It’s usually before the first-seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the leak has been accessible or seen for the last time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the leak has been accessible or seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">raw-data</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw data as received by the AIL sensor, compressed and encoded in Base64.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_ais_info"><a class="anchor" href="#_ais_info"></a><a class="link" href="#_ais_info">ais-info</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Automated Indicator Sharing (AIS) Information Source Markings.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
ais-info is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ais-info/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">organisation</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>AIS Organisation Name.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">administrative-area</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>AIS Administrative Area represented using ISO-3166-2.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">industry</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>AIS IndustryType. ['Chemical Sector', 'Commercial Facilities Sector', 'Communications Sector', 'Critical Manufacturing Sector', 'Dams Sector', 'Defense Industrial Base Sector', 'Emergency Services Sector', 'Energy Sector', 'Financial Services Sector', 'Food and Agriculture Sector', 'Government Facilities Sector', 'Healthcare and Public Health Sector', 'Information Technology Sector', 'Nuclear Reactors, Materials, and Waste Sector', 'Transportation Systems Sector', 'Water and Wastewater Systems Sector', 'Other']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>AIS Country represented using ISO-3166-1_alpha-2.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_android_permission"><a class="anchor" href="#_android_permission"></a><a class="link" href="#_android_permission">android-permission</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A set of Android permissions: one or more permissions which can be linked to other objects (e.g. malware, app).</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
android-permission is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/android-permission/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">permission</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Android permission ['ACCESS_CHECKIN_PROPERTIES', 'ACCESS_COARSE_LOCATION', 'ACCESS_FINE_LOCATION', 'ACCESS_LOCATION_EXTRA_COMMANDS', 'ACCESS_NETWORK_STATE', 'ACCESS_NOTIFICATION_POLICY', 'ACCESS_WIFI_STATE', 'ACCOUNT_MANAGER', 'ADD_VOICEMAIL', 'ANSWER_PHONE_CALLS', 'BATTERY_STATS', 'BIND_ACCESSIBILITY_SERVICE', 'BIND_APPWIDGET', 'BIND_AUTOFILL_SERVICE', 'BIND_CARRIER_MESSAGING_SERVICE', 'BIND_CHOOSER_TARGET_SERVICE', 'BIND_CONDITION_PROVIDER_SERVICE', 'BIND_DEVICE_ADMIN', 'BIND_DREAM_SERVICE', 'BIND_INCALL_SERVICE', 'BIND_INPUT_METHOD', 'BIND_MIDI_DEVICE_SERVICE', 'BIND_NFC_SERVICE', 'BIND_NOTIFICATION_LISTENER_SERVICE', 'BIND_PRINT_SERVICE', 'BIND_QUICK_SETTINGS_TILE', 'BIND_REMOTEVIEWS', 'BIND_SCREENING_SERVICE', 'BIND_TELECOM_CONNECTION_SERVICE', 'BIND_TEXT_SERVICE', 'BIND_TV_INPUT', 'BIND_VISUAL_VOICEMAIL_SERVICE', 'BIND_VOICE_INTERACTION', 'BIND_VPN_SERVICE', 'BIND_VR_LISTENER_SERVICE', 'BIND_WALLPAPER', 'BLUETOOTH', 'BLUETOOTH_ADMIN', 'BLUETOOTH_PRIVILEGED', 'BODY_SENSORS', 'BROADCAST_PACKAGE_REMOVED', 'BROADCAST_SMS', 'BROADCAST_STICKY', 'BROADCAST_WAP_PUSH', 'CALL_PHONE', 'CALL_PRIVILEGED', 'CAMERA', 'CAPTURE_AUDIO_OUTPUT', 'CAPTURE_SECURE_VIDEO_OUTPUT', 'CAPTURE_VIDEO_OUTPUT', 'CHANGE_COMPONENT_ENABLED_STATE', 'CHANGE_CONFIGURATION', 'CHANGE_NETWORK_STATE', 'CHANGE_WIFI_MULTICAST_STATE', 'CHANGE_WIFI_STATE', 'CLEAR_APP_CACHE', 'CONTROL_LOCATION_UPDATES', 'DELETE_CACHE_FILES', 'DELETE_PACKAGES', 'DIAGNOSTIC', 'DISABLE_KEYGUARD', 'DUMP', 'EXPAND_STATUS_BAR', 'FACTORY_TEST', 'GET_ACCOUNTS', 'GET_ACCOUNTS_PRIVILEGED', 'GET_PACKAGE_SIZE', 'GET_TASKS', 'GLOBAL_SEARCH', 'INSTALL_LOCATION_PROVIDER', 'INSTALL_PACKAGES', 'INSTALL_SHORTCUT', 'INSTANT_APP_FOREGROUND_SERVICE', 'INTERNET', 'KILL_BACKGROUND_PROCESSES', 'LOCATION_HARDWARE', 'MANAGE_DOCUMENTS', 'MANAGE_OWN_CALLS', 'MASTER_CLEAR', 'MEDIA_CONTENT_CONTROL', 'MODIFY_AUDIO_SETTINGS', 'MODIFY_PHONE_STATE', 'MOUNT_FORMAT_FILESYSTEMS', 'MOUNT_UNMOUNT_FILESYSTEMS', 'NFC', 'PACKAGE_USAGE_STATS', 
'PERSISTENT_ACTIVITY', 'PROCESS_OUTGOING_CALLS', 'READ_CALENDAR', 'READ_CALL_LOG', 'READ_CONTACTS', 'READ_EXTERNAL_STORAGE', 'READ_FRAME_BUFFER', 'READ_INPUT_STATE', 'READ_LOGS', 'READ_PHONE_NUMBERS', 'READ_PHONE_STATE', 'READ_SMS', 'READ_SYNC_SETTINGS', 'READ_SYNC_STATS', 'READ_VOICEMAIL', 'REBOOT', 'RECEIVE_BOOT_COMPLETED', 'RECEIVE_MMS', 'RECEIVE_SMS', 'RECEIVE_WAP_PUSH', 'RECORD_AUDIO', 'REORDER_TASKS', 'REQUEST_COMPANION_RUN_IN_BACKGROUND', 'REQUEST_COMPANION_USE_DATA_IN_BACKGROUND', 'REQUEST_DELETE_PACKAGES', 'REQUEST_IGNORE_BATTERY_OPTIMIZATIONS', 'REQUEST_INSTALL_PACKAGES', 'RESTART_PACKAGES', 'SEND_RESPOND_VIA_MESSAGE', 'SEND_SMS', 'SET_ALARM', 'SET_ALWAYS_FINISH', 'SET_ANIMATION_SCALE', 'SET_DEBUG_APP', 'SET_PREFERRED_APPLICATIONS', 'SET_PROCESS_LIMIT', 'SET_TIME', 'SET_TIME_ZONE', 'SET_WALLPAPER', 'SET_WALLPAPER_HINTS', 'SIGNAL_PERSISTENT_PROCESSES', 'STATUS_BAR', 'SYSTEM_ALERT_WINDOW', 'TRANSMIT_IR', 'UNINSTALL_SHORTCUT', 'UPDATE_DEVICE_STATS', 'USE_FINGERPRINT', 'USE_SIP', 'VIBRATE', 'WAKE_LOCK', 'WRITE_APN_SETTINGS', 'WRITE_CALENDAR', 'WRITE_CALL_LOG', 'WRITE_CONTACTS', 'WRITE_EXTERNAL_STORAGE', 'WRITE_GSERVICES', 'WRITE_SECURE_SETTINGS', 'WRITE_SETTINGS', 'WRITE_SYNC_SETTINGS', 'WRITE_VOICEMAIL']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment about the set of android permission(s)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_annotation"><a class="anchor" href="#_annotation"></a><a class="link" href="#_annotation">annotation</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An annotation object allowing analysts to add annotations, comments or an executive summary to a MISP event, objects or attributes.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
annotation is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/annotation/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw text of the annotation</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ref</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Reference(s) to the annotation</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of the annotation ['Annotation', 'Executive Summary', 'Introduction', 'Conclusion', 'Disclaimer', 'Keywords', 'Acknowledgement', 'Other', 'Copyright', 'Authors', 'Logo']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">format</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Format of the annotation ['text', 'markdown', 'asciidoctor', 'MultiMarkdown', 'GFM', 'pandoc', 'Fountain', 'CommonWork', 'kramdown-rfc2629', 'rfc7328', 'Extra']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Initial creation of the annotation</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">modification-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last update of the annotation</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_asn"><a class="anchor" href="#_asn"></a><a class="link" href="#_asn">asn</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Autonomous system object describing an autonomous system, which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or the like.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
asn is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/asn/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">asn</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">AS</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Autonomous System Number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the autonomous system</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Country code of the main location of the autonomous system</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subnet-announced</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Subnet announced</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time the ASN was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time the ASN was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">import</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">export</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mp-import</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The inbound IPv4 or IPv6 routing policy of the AS, in the format defined in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mp-export</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The format is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_av_signature"><a class="anchor" href="#_av_signature"></a><a class="link" href="#_av_signature">av-signature</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Antivirus detection signature.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
av-signature is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/av-signature/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">software</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of antivirus software</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">signature</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of detection signature</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the file</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Datetime</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_bank_account"><a class="anchor" href="#_bank_account"></a><a class="link" href="#_bank_account">bank-account</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing bank account information based on the account description from goAML 4.0.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
bank-account is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/bank-account/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the bank account.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">institution-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the bank or financial organisation.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">institution-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Institution code of the bank.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">swift</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">bic</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>SWIFT or BIC as defined in ISO 9362.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">branch</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Branch code or name</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">non-banking-institution</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A flag to define if this account belongs to a non-banking organisation. If set to true, it’s a non-banking organisation.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">account</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">bank-account-nr</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Account number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">currency-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Currency of the account. ['USD', 'EUR']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">aba-rtn</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">aba-rtn</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>ABA routing transit number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">account-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A field to freely describe the bank account details.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">iban</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">iban</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IBAN of the bank account.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">client-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Client number as seen by the bank.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">personal-account-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Account type. ['A - Business', 'B - Personal Current', 'C - Savings', 'D - Trust Account', 'E - Trading Account', 'O - Other']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">opened</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the account was opened.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">closed</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the account was closed.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">balance</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The balance of the account after the suspicious transaction was processed.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">date-balance</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the balance was reported.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">status-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Account status at the time the transaction was processed. ['A - Active', 'B - Inactive', 'C - Dormant']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">beneficiary</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Final beneficiary of the bank account.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">beneficiary-comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment about the final beneficiary.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comments</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comments about the bank account.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">report-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Report code of the bank account. ['CTR Cash Transaction Report', 'STR Suspicious Transaction Report', 'EFT Electronic Funds Transfer', 'IFT International Funds Transfer', 'TFR Terror Financing Report', 'BCR Border Cash Report', 'UTR Unusual Transaction Report', 'AIF Additional Information File – Can be used for example to get full disclosure of transactions of an account for a period of time without reporting it as a CTR.', 'IRI Incoming Request for Information – International', 'ORI Outgoing Request for Information – International', 'IRD Incoming Request for Information – Domestic', 'ORD Outgoing Request for Information – Domestic']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_cap_alert"><a class="anchor" href="#_cap_alert"></a><a class="link" href="#_cap_alert">cap-alert</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Common Alerting Protocol (CAP) alert object.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
cap-alert is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cap-alert/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">identifier</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sender</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sent</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The time and date of the origination of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">status</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the appropriate handling of the alert message. ['Actual', 'Exercise', 'System', 'Test', 'Draft']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">msgType</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the nature of the alert message. ['Alert', 'Update', 'Cancel', 'Ack', 'Error']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">source</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">scope</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the intended distribution of the alert message. ['Public', 'Restricted', 'Private']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">restriction</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the rule for limiting distribution of the restricted alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">addresses</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The group listing of intended recipients of the alert message. (1) Required when &lt;scope&gt; is “Private”, optional when &lt;scope&gt; is “Public” or “Restricted”. (2) Each recipient SHALL be identified by an identifier or an address. (3) Multiple space-delimited addresses MAY be included. Addresses including whitespace MUST be enclosed in double-quotes.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the special handling of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">note</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the purpose or significance of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">references</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The group listing identifying earlier message(s) referenced by the alert message. (1) The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one. (2) If multiple messages are referenced, they SHALL be separated by whitespace.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">incident</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The group listing naming the referent incident(s) of the alert message. (1) Used to collate multiple messages referring to different aspects of the same incident. (2) If multiple incident identifiers are referenced, they SHALL be separated by whitespace. Incident names including whitespace SHALL be surrounded by double-quotes.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_cap_info"><a class="anchor" href="#_cap_info"></a><a class="link" href="#_cap_info">cap-info</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Common Alerting Protocol (CAP) info object.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
cap-info is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cap-info/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">language</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the language of the info sub-element of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">category</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the category of the subject event of the alert message. ['Geo', 'Met', 'Safety', 'Security', 'Rescue', 'Fire', 'Health', 'Env', 'Transport', 'Infra', 'CBRNE', 'Other']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">event</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text denoting the type of the subject event of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">responseType</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the type of action recommended for the target audience. ['Shelter', 'Evacuate', 'Prepare', 'Execute', 'Avoid', 'Monitor', 'Assess', 'AllClear', 'None']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">urgency</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the urgency of the subject event of the alert message. ['Immediate', 'Expected', 'Future', 'Past', 'Unknown']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">severity</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the severity of the subject event of the alert message. ['Extreme', 'Severe', 'Moderate', 'Minor', 'Unknown']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">certainty</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The code denoting the certainty of the subject event of the alert message. For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”. ['Likely', 'Possible', 'Unlikely', 'Unknown']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">audience</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the intended audience of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">eventCode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A system-specific code identifying the event type of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">effective</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The effective time of the information of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">onset</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The expected time of the beginning of the subject event of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">expires</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The expiry time of the information of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">senderName</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text naming the originator of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">headline</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text headline of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the subject event of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">instruction</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the recommended action to be taken by recipients of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">web</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identifier of the hyperlink associating additional information with the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">contact</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the contact for follow-up and confirmation of the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">parameter</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A system-specific additional parameter associated with the alert message.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_cap_resource"><a class="anchor" href="#_cap_resource"></a><a class="link" href="#_cap_resource">cap-resource</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Common Alerting Protocol (CAP) resource object.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
cap-resource is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cap-resource/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">resourceDesc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The text describing the type and content of the resource file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mimeType</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mime-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identifier of the MIME content type and sub-type describing the resource file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The integer indicating the size of the resource file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">uri</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identifier of the hyperlink for the resource file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">derefUri</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The base-64 encoded data content of the resource file. The decoded content is whatever the alert sender supplied, so handle it as untrusted input.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">digest</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
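<p>The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL). The attribute type is sha1; SHA-1 is not collision-resistant, so use the value to match files rather than as the only integrity check on content from an untrusted source.</p>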
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_coin_address"><a class="anchor" href="#_coin_address"></a><a class="link" href="#_coin_address">coin-address</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An address used in a cryptocurrency.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
coin-address is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/coin-address/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">btc</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address used as a payment destination in a cryptocurrency</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">symbol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The (uppercase) symbol of the cryptocurrency used. Symbol should be from <a href="https://coinmarketcap.com/all/views/all/" class="bare">https://coinmarketcap.com/all/views/all/</a> ['BTC', 'ETH', 'BCH', 'XRP', 'MIOTA', 'DASH', 'BTG', 'LTC', 'ADA', 'XMR', 'ETC', 'NEO', 'NEM', 'EOS', 'XLM', 'BCC', 'LSK', 'OMG', 'QTUM', 'ZEC', 'USDT', 'HSR', 'STRAT', 'WAVES', 'PPT']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time this payment destination address has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time this payment destination address has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_cookie"><a class="anchor" href="#_cookie"></a><a class="link" href="#_cookie">cookie</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with the next request to the same server. Typically, it’s used to tell if two requests came from the same browser — keeping a user logged in, for example. It remembers stateful information for the stateless HTTP protocol (as defined by the Mozilla Foundation).</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
cookie is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cookie/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
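<p>Full cookie. The value may carry a session identifier or other credential, so check it before sharing the object more widely.</p>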
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the cookie (if split)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie-value</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Value of the cookie (if split)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the cookie.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of cookie and how it’s used in this specific object. ['Session management', 'Personalization', 'Tracking', 'Exfiltration', 'Malicious Payload', 'Beaconing']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_course_of_action"><a class="anchor" href="#_course_of_action"></a><a class="link" href="#_course_of_action">course-of-action</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing a specific measure taken to prevent or respond to an attack.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
course-of-action is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/course-of-action/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The name used to identify the course of action.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The type of the course of action. ['Perimeter Blocking', 'Internal Blocking', 'Redirection', 'Redirection (Honey Pot)', 'Hardening', 'Patching', 'Eradication', 'Rebuilding', 'Training', 'Monitoring', 'Physical Access Restrictions', 'Logical Access Restrictions', 'Public Disclosure', 'Diplomatic Actions', 'Policy Actions', 'Other']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the course of action.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">objective</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The objective of the course of action.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">stage</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The stage of the threat management lifecycle that the course of action is applicable to. ['Remedy', 'Response']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cost</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The estimated cost of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">impact</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The estimated impact of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">efficacy</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The estimated efficacy of applying the course of action. ['High', 'Medium', 'Low', 'None', 'Unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
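<div class="sect1">
<!--
  Reference section for the "cowrie" MISP object template (Cowrie honeypot session data).
  "Disable correlation" column: a check icon marks an attribute flagged as excluded from
  correlation, a minus icon marks one that is not flagged. In this template username,
  password, session, src_ip and input are the attributes left to correlate.
  The icons carry role="img" and an aria-label so the column is readable without the icon font.
-->
<h2 id="_cowrie"><a class="anchor" href="#_cowrie"></a><a class="link" href="#_cowrie">cowrie</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cowrie honeypot object template.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cowrie is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cowrie/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top" scope="col">Object attribute</th>
<th class="tableblock halign-left valign-top" scope="col">MISP attribute type</th>
<th class="tableblock halign-left valign-top" scope="col">Description</th>
<th class="tableblock halign-left valign-top" scope="col">Disable correlation</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">eventid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Eventid of the session in the cowrie honeypot</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">system</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>System origin in cowrie honeypot</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Username related to the password(s)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">password</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Password</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">session</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Session id</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>When the event happened</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">message</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Message of the cowrie honeypot</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">protocol</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Protocol used in the cowrie honeypot</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cowrie sensor name</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">src_ip</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Source IP address of the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">dst_ip</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Destination IP address of the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">src_port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Source port of the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">dst_port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Destination port of the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">isError</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>isError</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">input</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Input of the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">macCS</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>SSH MAC supported in the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">keyAlgs</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>SSH public-key algorithm supported in the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">encCS</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>SSH symmetric encryption algorithm supported in the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">compCS</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>SSH compression algorithm supported in the session</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>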
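<div class="sect1">
<!--
  Reference section for the "credential" MISP object template.
  "Disable correlation" column: a check icon marks an attribute flagged as excluded from
  correlation, a minus icon marks one that is not flagged. Only the free-text description
  is flagged here; username, password, type, origin, format and notification are left to
  correlate. "clear-text" is one of the listed format values, so password attributes may
  hold usable secrets; take that into account when choosing how widely such events are shared.
  The icons carry role="img" and an aria-label so the column is readable without the icon font.
-->
<h2 id="_credential"><a class="anchor" href="#_credential"></a><a class="link" href="#_credential">credential</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Credential describes one or more credential(s) including password(s), API key(s) or decryption key(s).</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
credential is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/credential/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top" scope="col">Object attribute</th>
<th class="tableblock halign-left valign-top" scope="col">MISP attribute type</th>
<th class="tableblock halign-left valign-top" scope="col">Description</th>
<th class="tableblock halign-left valign-top" scope="col">Disable correlation</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>A description of the credential(s)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Username related to the password(s)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">password</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Password</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Type of password(s) ['password', 'api-key', 'encryption-key', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">format</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">notification</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Mention of any notification(s) towards the potential owner(s) of the credential(s) ['victim-notified', 'service-notified', 'none']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>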
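<div class="sect1">
<!--
  Reference section for the "credit-card" MISP object template.
  "Disable correlation" column: a check icon marks an attribute flagged as excluded from
  correlation, a minus icon marks one that is not flagged. Every attribute in this template
  shows the minus icon, so all of them, including cc-number and card-security-code, are
  left to correlate. Those two attributes and name hold cardholder data; take that into
  account when choosing how widely such events are shared.
  The icons carry role="img" and an aria-label so the column is readable without the icon font.
-->
<h2 id="_credit_card"><a class="anchor" href="#_credit_card"></a><a class="link" href="#_credit_card">credit-card</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A payment card such as a credit card, debit card or any similar card that can be used for financial transactions.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
credit-card is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/credit-card/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top" scope="col">Object attribute</th>
<th class="tableblock halign-left valign-top" scope="col">MISP attribute type</th>
<th class="tableblock halign-left valign-top" scope="col">Description</th>
<th class="tableblock halign-left valign-top" scope="col">Disable correlation</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Version of the card.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>A description of the card.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">card-security-code</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Name of the card owner.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">issued</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Initial date of validity or issued date.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">expiration</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Maximum date of validity</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cc-number</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">cc-number</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Credit-card number as encoded on the card.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>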
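<div class="sect1">
<!--
  Reference section for the "ddos" MISP object template.
  "Disable correlation" column: a check icon marks an attribute flagged as excluded from
  correlation, a minus icon marks one that is not flagged. Here text, first-seen and
  last-seen are flagged; the network indicators (domain-dst, ip-dst, ip-src, the ports,
  protocol) and the total-bps / total-pps counters are left to correlate.
  The icons carry role="img" and an aria-label so the column is readable without the icon font.
-->
<h2 id="_ddos"><a class="anchor" href="#_ddos"></a><a class="link" href="#_ddos">ddos</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>DDoS object describes a current DDoS activity from a specific source and/or to a specific target. Type of DDoS can be attached to the object as a taxonomy.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ddos is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ddos/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
<col style="width: 25%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top" scope="col">Object attribute</th>
<th class="tableblock halign-left valign-top" scope="col">MISP attribute type</th>
<th class="tableblock halign-left valign-top" scope="col">Description</th>
<th class="tableblock halign-left valign-top" scope="col">Disable correlation</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">total-bps</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Bits per second</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Description of the DDoS</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">domain-dst</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Destination domain (victim)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Destination IP (victim)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>IP address originating the attack</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Destination port of the attack</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Port originating the attack</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Beginning of the attack</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">protocol</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Protocol used for the attack ['TCP', 'UDP', 'ICMP', 'IP']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">total-pps</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Packets per second</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus" role="img" aria-label="No"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>End of the attack</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check" role="img" aria-label="Yes"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>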
|
||
<div class="sect1">
|
||
<h2 id="_diameter_attack"><a class="anchor" href="#_diameter_attack"></a><a class="link" href="#_diameter_attack">diameter-attack</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Attack as seen on Diameter authentication against a GSM, UMTS or LTE network.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
diameter-attack is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/diameter-attack/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">category</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Category. ['Cat0', 'Cat1', 'Cat2', 'Cat3', 'CatSMS']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ApplicationId</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Application-ID identifies the Diameter application to which the message applies. It is given as a decimal value.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SessionId</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Session-ID.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">CmdCode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A decimal representation of the diameter Command Code.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Origin-Host</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Origin-Host.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Destination-Host</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination-Host.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Origin-Realm</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Origin-Realm.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Destination-Realm</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination-Realm.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Username</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Username (in this case, usually the IMSI).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">IdrFlags</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IDR-Flags.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the attack seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the attack was first seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_domain_ip"><a class="anchor" href="#_domain_ip"></a><a class="link" href="#_domain_ip">domain-ip</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A domain and IP address seen as a tuple in a specific time frame.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
domain-ip is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/domain-ip/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the tuple</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time the tuple was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time the tuple was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Domain name</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP Address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_elf"><a class="anchor" href="#_elf"></a><a class="link" href="#_elf">elf</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing an Executable and Linkable Format (ELF) file.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
elf is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/elf/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address of the entry point</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of ELF ['CORE', 'DYNAMIC', 'EXECUTABLE', 'HIPROC', 'LOPROC', 'NONE', 'RELOCATABLE']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Number of sections</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">arch</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Architecture of the ELF file ['None', 'M32', 'SPARC', 'i386', 'ARCH_68K', 'ARCH_88K', 'IAMCU', 'ARCH_860', 'MIPS', 'S370', 'MIPS_RS3_LE', 'PARISC', 'VPP500', 'SPARC32PLUS', 'ARCH_960', 'PPC', 'PPC64', 'S390', 'SPU', 'V800', 'FR20', 'RH32', 'RCE', 'ARM', 'ALPHA', 'SH', 'SPARCV9', 'TRICORE', 'ARC', 'H8_300', 'H8_300H', 'H8S', 'H8_500', 'IA_64', 'MIPS_X', 'COLDFIRE', 'ARCH_68HC12', 'MMA', 'PCP', 'NCPU', 'NDR1', 'STARCORE', 'ME16', 'ST100', 'TINYJ', 'x86_64', 'PDSP', 'PDP10', 'PDP11', 'FX66', 'ST9PLUS', 'ST7', 'ARCH_68HC16', 'ARCH_68HC11', 'ARCH_68HC08', 'ARCH_68HC05', 'SVX', 'ST19', 'VAX', 'CRIS', 'JAVELIN', 'FIREPATH', 'ZSP', 'MMIX', 'HUANY', 'PRISM', 'AVR', 'FR30', 'D10V', 'D30V', 'V850', 'M32R', 'MN10300', 'MN10200', 'PJ', 'OPENRISC', 'ARC_COMPACT', 'XTENSA', 'VIDEOCORE', 'TMM_GPP', 'NS32K', 'TPC', 'SNP1K', 'ST200', 'IP2K', 'MAX', 'CR', 'F2MC16', 'MSP430', 'BLACKFIN', 'SE_C33', 'SEP', 'ARCA', 'UNICORE', 'EXCESS', 'DXP', 'ALTERA_NIOS2', 'CRX', 'XGATE', 'C166', 'M16C', 'DSPIC30F', 'CE', 'M32C', 'TSK3000', 'RS08', 'SHARC', 'ECOG2', 'SCORE7', 'DSP24', 'VIDEOCORE3', 'LATTICEMICO32', 'SE_C17', 'TI_C6000', 'TI_C2000', 'TI_C5500', 'MMDSP_PLUS', 'CYPRESS_M8C', 'R32C', 'TRIMEDIA', 'HEXAGON', 'ARCH_8051', 'STXP7X', 'NDS32', 'ECOG1', 'ECOG1X', 'MAXQ30', 'XIMO16', 'MANIK', 'CRAYNV2', 'RX', 'METAG', 'MCST_ELBRUS', 'ECOG16', 'CR16', 'ETPU', 'SLE9X', 'L10M', 'K10M', 'AARCH64', 'AVR32', 'STM8', 'TILE64', 'TILEPRO', 'CUDA', 'TILEGX', 'CLOUDSHIELD', 'COREA_1ST', 'COREA_2ND', 'ARC_COMPACT2', 'OPEN8', 'RL78', 'VIDEOCORE5', 'ARCH_78KOR', 'ARCH_56800EX', 'BA1', 'BA2', 'XCORE', 'MCHP_PIC', 'INTEL205', 'INTEL206', 'INTEL207', 'INTEL208', 'INTEL209', 'KM32', 'KMX32', 'KMX16', 'KMX8', 'KVARC', 'CDP', 'COGE', 'COOL', 'NORC', 'CSR_KALIMBA', 'AMDGPU']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">os_abi</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Header operating system application binary interface (ABI) ['AIX', 'ARM', 'AROS', 'C6000_ELFABI', 'C6000_LINUX', 'CLOUDABI', 'FENIXOS', 'FREEBSD', 'GNU', 'HPUX', 'HURD', 'IRIX', 'MODESTO', 'NETBSD', 'NSK', 'OPENBSD', 'OPENVMS', 'SOLARIS', 'STANDALONE', 'SYSTEMV', 'TRU64']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the ELF</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_elf_section"><a class="anchor" href="#_elf_section"></a><a class="link" href="#_elf_section">elf-section</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a section of an Executable and Linkable Format.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
elf-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/elf-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
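<p>[Insecure] MD5 hash (128 bits). MD5 is not collision-resistant, so treat a match as a lookup hint and confirm it with one of the SHA-2 hashes below.</p>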
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
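<p>[Insecure] Secure Hash Algorithm 1 (160 bits). SHA-1 is not collision-resistant, so treat a match as a lookup hint and confirm it with one of the SHA-2 hashes below.</p>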
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (384 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (512 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2, SHA-512/224 variant (224 bits). This is a truncated SHA-512 and is not interchangeable with sha224.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2, SHA-512/256 variant (256 bits). This is a truncated SHA-512 and is not interchangeable with sha256.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy hash using context triggered piecewise hashes (CTPH)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Entropy of the whole section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Size of the section, in bytes</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of the section ['NULL', 'PROGBITS', 'SYMTAB', 'STRTAB', 'RELA', 'HASH', 'DYNAMIC', 'NOTE', 'NOBITS', 'REL', 'SHLIB', 'DYNSYM', 'INIT_ARRAY', 'FINI_ARRAY', 'PREINIT_ARRAY', 'GROUP', 'SYMTAB_SHNDX', 'LOOS', 'GNU_ATTRIBUTES', 'GNU_HASH', 'GNU_VERDEF', 'GNU_VERNEED', 'GNU_VERSYM', 'HIOS', 'LOPROC', 'ARM_EXIDX', 'ARM_PREEMPTMAP', 'HEX_ORDERED', 'X86_64_UNWIND', 'MIPS_REGINFO', 'MIPS_OPTIONS', 'MIPS_ABIFLAGS', 'HIPROC', 'LOUSER', 'HIUSER']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">flag</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Flag of the section ['ALLOC', 'EXCLUDE', 'EXECINSTR', 'GROUP', 'HEX_GPREL', 'INFO_LINK', 'LINK_ORDER', 'MASKOS', 'MASKPROC', 'MERGE', 'MIPS_ADDR', 'MIPS_LOCAL', 'MIPS_MERGE', 'MIPS_NAMES', 'MIPS_NODUPES', 'MIPS_NOSTRIP', 'NONE', 'OS_NONCONFORMING', 'STRINGS', 'TLS', 'WRITE', 'XCORE_SHF_CP_SECTION']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_email"><a class="anchor" href="#_email"></a><a class="link" href="#_email">email</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Email object describing an email with meta-information.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
email is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/email/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">reply-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-reply-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Email address the reply will be sent to</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">message-id</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-message-id</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Message ID</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination email address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Carbon copy</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">to-display-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-dst-display-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Display name of the receiver</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subject</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-subject</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Subject</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">screenshot</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Screenshot of email</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Attachment</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x-mailer</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-x-mailer</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The X-Mailer header generally identifies the program that was used to draft and send the original email; it is set by the sending client and is not authenticated.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">header</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-header</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full headers</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">send-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Date the email was sent</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mime-boundary</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-mime-boundary</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MIME Boundary</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">thread-index</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-thread-index</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Identifies a particular conversation thread</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">from</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Sender email address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">return-path</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Message return path</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">from-display-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-src-display-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Display name of the sender</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-body</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email-body</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Body of the email</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">user-agent</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>User Agent of the sender</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">eml</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full EML</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_fail2ban"><a class="anchor" href="#_fail2ban"></a><a class="link" href="#_fail2ban">fail2ban</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Fail2ban event.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
fail2ban is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/fail2ban/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">banned-ip</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP Address banned by fail2ban</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">processing-timestamp</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Timestamp of the report</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attack-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of the attack</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">failures</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Number of failures that led to the ban.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Identifier of the sensor</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">victim</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Identifier of the victim</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">logline</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Example log line that caused the ban.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">logfile</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full logfile related to the attack.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_file"><a class="anchor" href="#_file"></a><a class="link" href="#_file">file</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>File object describing a file with meta-information.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
file is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/file/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] MD5 hash (128 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] Secure Hash Algorithm 1 (160 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (384 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (512 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy hash using context triggered piecewise hashes (CTPH)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">authentihash</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">authentihash</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Authenticode executable signature hash</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Size of the file, in bytes</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Entropy of the whole file</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pattern-in-file</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pattern-in-file</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Pattern that can be found in the file</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the file</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">malware-sample</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">malware-sample</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The file itself (binary)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Filename on disk</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">path</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Path of the file, complete or partial</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">tlsh</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">tlsh</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy hash by Trend Micro: Locality Sensitive Hash</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">certificate</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Certificate value if the binary is signed with an authentication scheme other than Authenticode</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mimetype</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mime-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MIME type</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">state</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>State of the file ['Malicious', 'Harmless', 'Signed', 'Revoked', 'Expired', 'Trusted']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_geolocation"><a class="anchor" href="#_geolocation"></a><a class="link" href="#_geolocation">geolocation</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object to describe a geographic location.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
geolocation is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/geolocation/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the location was seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the location was seen for the last time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A generic description of the location.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">latitude</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">longitude</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">altitude</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The altitude is the decimal value of the altitude in the World Geodetic System 84 (WGS84) reference.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">zipcode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Zip Code.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">city</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>City.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">region</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Region.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Country.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">epsg</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>EPSG Geodetic Parameter value. This is an integer value of the EPSG.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">spacial-reference</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Default spatial or projection reference for this object. ['WGS84 EPSG:4326', 'Mercator EPSG:3857']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_gtp_attack"><a class="anchor" href="#_gtp_attack"></a><a class="link" href="#_gtp_attack">gtp-attack</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>GTP attack object as seen on a GSM, UMTS or LTE network.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
gtp-attack is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/gtp-attack/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpServingNetwork</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP Serving Network.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpImei</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP IMEI (International Mobile Equipment Identity).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpMsisdn</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP MSISDN.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpImsi</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP IMSI (International Mobile Subscriber Identity).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpInterface</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP interface. ['S5', 'S11', 'S10', 'S8', 'Gn', 'Gp']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpMessageType</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP defines a set of messages between two associated GSNs or an SGSN and an RNC. Message type is described as a decimal value.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">PortDest</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination port.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">PortSrc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source port.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ipDest</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP destination address.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ipSrc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP source address.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">GtpVersion</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>GTP version ['0', '1', '2']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the GTP attack.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the attack has been seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_http_request"><a class="anchor" href="#_http_request"></a><a class="link" href="#_http_request">http-request</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
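<p>A single HTTP request header. Several attributes of this object (basicauth-password, proxy-password, cookie) can hold credentials or session tokens captured from traffic, so check the event's distribution level before sharing it.</p>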
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
http-request is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/http-request/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Request comment</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">basicauth-password</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Basic Authentication Password</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">basicauth-user</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Basic Authentication Username</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">content-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">other</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The MIME type of the body of the request</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cookie</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>An HTTP cookie previously sent by the server with Set-Cookie</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">host</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The domain name of the server</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">method</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">http-method</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Method invoked (one of GET, POST, PUT, HEAD, DELETE, OPTIONS, CONNECT)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">referer</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">other</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>This is the address of the previous web page from which a link to the currently requested page was followed</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">proxy-password</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Proxy Password</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">proxy-user</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>HTTP Proxy Username</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">uri</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">uri</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Request URI</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full HTTP Request URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">user-agent</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">user-agent</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The User-Agent string sent by the client</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_ip_port"><a class="anchor" href="#_ip_port"></a><a class="link" href="#_ip_port">ip-port</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
ip-port is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ip-port/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the tuple</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time the tuple has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time the tuple has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source port</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination port</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Domain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Hostname</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP Address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_ja3"><a class="anchor" href="#_ja3"></a><a class="link" href="#_ja3">ja3</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
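<p>JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. A fingerprint is built from the following fields of the Client Hello packet: SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. Because the fingerprint reflects the client's TLS configuration rather than a specific program, unrelated clients that share a TLS library can produce the same value, so a match is best corroborated with the other attributes of the object. <a href="https://github.com/salesforce/ja3" class="bare">https://github.com/salesforce/ja3</a>.</p>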
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
ja3 is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ja3/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ja3-fingerprint-md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>JA3 fingerprint (MD5 hash) identifying the source</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of detected software, i.e. software, malware</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source IP Address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination IP address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time the SSL/TLS handshake was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time the SSL/TLS handshake was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_legal_entity"><a class="anchor" href="#_legal_entity"></a><a class="link" href="#_legal_entity">legal-entity</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object to describe a legal entity.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
legal-entity is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/legal-entity/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of an entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">commercial-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Commercial name of an entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">legal-form</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Legal form of an entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registration-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registration number of an entity with the relevant authority.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">business</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Business area of an entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">phone-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">phone-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Phone number of an entity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_macho"><a class="anchor" href="#_macho"></a><a class="link" href="#_macho">macho</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a file in Mach-O format.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
macho is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/macho/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address of the entry point</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of Mach-O ['BUNDLE', 'CORE', 'DSYM', 'DYLIB', 'DYLIB_STUB', 'DYLINKER', 'EXECUTE', 'FVMLIB', 'KEXT_BUNDLE', 'OBJECT', 'PRELOAD']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Number of sections</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Binary’s name</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the Mach-O file</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_macho_section"><a class="anchor" href="#_macho_section"></a><a class="link" href="#_macho_section">macho-section</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a section of a file in Mach-O format.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
macho-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/macho-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] MD5 hash (128 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] Secure Hash Algorithm 1 (160 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (384 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (512 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy hash using context triggered piecewise hashes (CTPH)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Entropy of the whole section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Size of the section, in bytes</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_microblog"><a class="anchor" href="#_microblog"></a><a class="link" href="#_microblog">microblog</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Microblog post, such as a Twitter tweet or a post on a Facebook wall.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
microblog is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/microblog/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">post</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Original URL location of the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of the microblog post ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Username of the account that posted the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Initial creation of the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">modification-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last update of the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Link contained in the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">removal-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the microblog post was removed</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">username-quoted</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Username(s) quoted in the microblog post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_mutex"><a class="anchor" href="#_mutex"></a><a class="link" href="#_mutex">mutex</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object to describe mutual exclusion locks (mutex) as seen in memory or in a computer program.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
mutex is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/mutex/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">operating-system</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Operating system where the mutex has been seen ['Windows', 'Unix']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the mutex</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_netflow"><a class="anchor" href="#_netflow"></a><a class="link" href="#_netflow">netflow</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Netflow object describes a network object based on the NetFlow v5/v9 minimal definition.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
netflow is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/netflow/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination IP address of the netflow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP address source of the netflow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination port of the netflow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source port of the netflow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">tcp-flags</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>TCP flags of the flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">icmp-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>ICMP type of the flow (if the traffic is ICMP)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-protocol-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP protocol number of this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">protocol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Protocol used for this flow ['TCP', 'UDP', 'ICMP', 'IP']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-as</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">AS</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source AS number for this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-as</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">AS</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination AS number for this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip_version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP version of this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">direction</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Direction of this flow ['Ingress', 'Egress']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">flow-count</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Flows counted in this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">packet-count</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Packets counted in this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">byte-count</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Bytes counted in this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-packet-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First packet seen in this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-packet-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last packet seen in this flow</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_network_connection"><a class="anchor" href="#_network_connection"></a><a class="link" href="#_network_connection">network-connection</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A local or remote network connection.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
network-connection is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/network-connection/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source IP address of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination IP address of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source port of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination port of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source hostname of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination hostname of the network connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">layer3-protocol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Layer 3 protocol of the network connection. ['IP', 'ICMP', 'ARP']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">layer4-protocol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Layer 4 protocol of the network connection. ['TCP', 'UDP']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">layer7-protocol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Layer 7 protocol of the network connection. ['HTTP', 'HTTPS', 'FTP']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-packet-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Datetime of the first packet seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_network_socket"><a class="anchor" href="#_network_socket"></a><a class="link" href="#_network_socket">network-socket</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Network socket object describes a local or remote network connection based on the socket data structure.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
network-socket is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/network-socket/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source (local) IP address of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source (local) hostname of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination IP address of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination hostname of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Source (local) port of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dst-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Destination port of the network socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">protocol</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Protocol used by the network socket. ['TCP', 'UDP', 'ICMP', 'IP']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">address-family</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address family, which specifies the address family type (AF_*) of the socket connection. ['AF_UNSPEC', 'AF_LOCAL', 'AF_UNIX', 'AF_FILE', 'AF_INET', 'AF_AX25', 'AF_IPX', 'AF_APPLETALK', 'AF_NETROM', 'AF_BRIDGE', 'AF_ATMPVC', 'AF_X25', 'AF_INET6', 'AF_ROSE', 'AF_DECnet', 'AF_NETBEUI', 'AF_SECURITY', 'AF_KEY', 'AF_NETLINK', 'AF_ROUTE', 'AF_PACKET', 'AF_ASH', 'AF_ECONET', 'AF_ATMSVC', 'AF_RDS', 'AF_SNA', 'AF_IRDA', 'AF_PPPOX', 'AF_WANPIPE', 'AF_LLC', 'AF_IB', 'AF_MPLS', 'AF_CAN', 'AF_TIPC', 'AF_BLUETOOTH', 'AF_IUCV', 'AF_RXRPC', 'AF_ISDN', 'AF_PHONET', 'AF_IEEE802154', 'AF_CAIF', 'AF_ALG', 'AF_NFC', 'AF_VSOCK', 'AF_KCM', 'AF_MAX']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain-family</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Domain family, which specifies the communication domain (PF_*) of the socket connection. ['PF_UNSPEC', 'PF_LOCAL', 'PF_UNIX', 'PF_FILE', 'PF_INET', 'PF_AX25', 'PF_IPX', 'PF_APPLETALK', 'PF_NETROM', 'PF_BRIDGE', 'PF_ATMPVC', 'PF_X25', 'PF_INET6', 'PF_ROSE', 'PF_DECnet', 'PF_NETBEUI', 'PF_SECURITY', 'PF_KEY', 'PF_NETLINK', 'PF_ROUTE', 'PF_PACKET', 'PF_ASH', 'PF_ECONET', 'PF_ATMSVC', 'PF_RDS', 'PF_SNA', 'PF_IRDA', 'PF_PPPOX', 'PF_WANPIPE', 'PF_LLC', 'PF_IB', 'PF_MPLS', 'PF_CAN', 'PF_TIPC', 'PF_BLUETOOTH', 'PF_IUCV', 'PF_RXRPC', 'PF_ISDN', 'PF_PHONET', 'PF_IEEE802154', 'PF_CAIF', 'PF_ALG', 'PF_NFC', 'PF_VSOCK', 'PF_KCM', 'PF_MAX']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">state</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>State of the socket connection. ['blocking', 'listening']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">option</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Option on the socket connection.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_passive_dns"><a class="anchor" href="#_passive_dns"></a><a class="link" href="#_passive_dns">passive-dns</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
passive-dns is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/passive-dns/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">zone_time_last</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the passive DNS record.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">count</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>How many authoritative DNS answers were received at the Passive DNS Server’s collectors with exactly the given set of values as answers.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">rrname</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Resource Record name of the queried resource.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">rrtype</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Resource Record type as seen by the passive DNS. ['A', 'AAAA', 'CNAME', 'PTR', 'SOA', 'TXT', 'DNAME', 'NS', 'SRV', 'RP', 'NAPTR', 'HINFO', 'A6']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">rdata</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Resource records of the queried resource</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">zone_time_first</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Origin of the Passive DNS response</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">time_last</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time that the unique tuple (rrname, rrtype, rdata) record has been seen by the passive DNS</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">time_first</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">bailiwick</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Best estimate of the apex of the zone where this data is authoritative</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sensor_id</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Sensor information where the record was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_paste"><a class="anchor" href="#_paste"></a><a class="link" href="#_paste">paste</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Paste or similar post from a website that allows posts to be shared privately or publicly.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
paste is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/paste/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">paste</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw text of the paste or post</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">origin</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Original source of the paste or post. ['pastebin.com', 'pastebin.com_pro', 'pastie.org', 'slexy.org', 'gist.github.com', 'codepad.org', 'safebin.net', 'hastebin.com', 'ghostbin.com']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">title</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Title of the paste or post.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>User who published the paste or post.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Link to the original source of the paste or post.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the paste has been accessible or seen for the last time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the paste has been accessible or seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_pe"><a class="anchor" href="#_pe"></a><a class="link" href="#_pe">pe</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a Portable Executable.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
pe is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/pe/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pehash</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pehash</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Hash of the structural information about a sample. See <a href="https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/" class="bare">https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/</a></p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">impfuzzy</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">impfuzzy</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy Hash (ssdeep) calculated from the import table</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">internal-filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>InternalFilename in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">original-filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>OriginalFilename in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">number-sections</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Number of sections</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the PE</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of PE ['exe', 'dll', 'driver', 'unknown']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">imphash</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">imphash</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Hash (MD5) calculated from the import table. It groups samples that share the same imports and does not uniquely identify a file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">compilation-timestamp</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
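<p>Compilation timestamp defined in the PE header. The value is set at build time and can be modified afterwards, so treat it as an indicator rather than proof of when the file was built.</p>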
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-section-at-position</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the section and position of the section in the PE</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entrypoint-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Address of the entry point</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">file-description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>FileDescription in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">file-version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>FileVersion in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">lang-id</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Lang ID in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">product-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>ProductName in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">product-version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>ProductVersion in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">company-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>CompanyName in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">legal-copyright</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>LegalCopyright in the resources</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_pe_section"><a class="anchor" href="#_pe_section"></a><a class="link" href="#_pe_section">pe-section</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a section of a Portable Executable.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
pe-section is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/pe-section/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] MD5 hash (128 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] Secure Hash Algorithm 1 (160 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha384</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (384 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (512 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/224</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2, SHA-512/224 variant (224 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sha512/256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2, SHA-512/256 variant (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ssdeep</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fuzzy hash using context triggered piecewise hashes (CTPH)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">entropy</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Entropy of the whole section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the section ['.rsrc', '.reloc', '.rdata', '.data', '.text']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">size-in-bytes</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Size of the section, in bytes</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text value to attach to the section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">characteristic</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Characteristic of the section ['read', 'write', 'executable']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_person"><a class="anchor" href="#_person"></a><a class="link" href="#_person">person</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object which describes a person or an identity.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
person is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/person/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the person or identity.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last name of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">middle-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">middle-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Middle name of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First name of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mothers-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Mother's name, father's name, second name or other names, as defined by the country’s regulations.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">title</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Title of the natural person such as Dr. or equivalent.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">alias</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Alias name or known as.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">date-of-birth</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">date-of-birth</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Date of birth of a natural person (in YYYY-MM-DD format).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">place-of-birth</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">place-of-birth</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Place of birth of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">gender</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">gender</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The gender of a natural person. ['Male', 'Female', 'Other', 'Prefer not to say']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">identity-card-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">identity-card-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The identity card number of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The passport number of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-country</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The country in which the passport was issued.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-expiration</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">passport-expiration</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The expiration date of a passport.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">redress-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">redress-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The Redress Control Number is the record identifier for people who apply for redress through the DHS Travel Redress Inquiry Program (DHS TRIP). DHS TRIP is for travelers who have been repeatedly identified for additional screening and who want to file an inquiry to have erroneous information corrected in DHS systems.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">social-security-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Social security number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The nationality of a natural person.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_phone"><a class="anchor" href="#_phone"></a><a class="link" href="#_phone">phone</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A phone or mobile phone object which describes a phone.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
phone is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/phone/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">imei</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>International Mobile Equipment Identity (IMEI) is a number, usually unique, to identify 3GPP and iDEN mobile phones, as well as some satellite phones.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">imsi</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">msisdn</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MSISDN (pronounced as /'em es ai es di en/ or misden) is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has several interpretations, the most common one being Mobile Station International Subscriber Directory Number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">tmsi</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Temporary Mobile Subscriber Identities (TMSI) can be allocated to visiting mobile subscribers.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">gummei</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Globally Unique MME Identifier (GUMMEI) is composed from MCC, MNC and MME Identifier (MMEI).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">guti</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Globally Unique Temporary UE Identity (GUTI) is a temporary identifier used to avoid revealing the phone (user equipment in 3GPP jargon); it is composed of the GUMMEI and the M-TMSI.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">serial-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Serial Number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the phone.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the phone has been accessible or seen for the last time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the phone has been accessible or seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_process"><a class="anchor" href="#_process"></a><a class="link" href="#_process">process</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a system process.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
process is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/process/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-time</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Local date/time at which the process was created.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">start-time</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Local date/time at which the process was started.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the process</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pid</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Process ID of the process.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">parent-pid</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Process ID of the parent process.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">child-pid</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Process ID of the child process(es).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Port(s) owned by the process.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_r2graphity"><a class="anchor" href="#_r2graphity"></a><a class="link" href="#_r2graphity">r2graphity</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Indicators extracted from files using radare2 and graphml.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
r2graphity is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/r2graphity/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">callback-average</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Average size of a callback</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">callbacks</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of callbacks (functions started as thread)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">shortest-path-to-create-thread</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Shortest path to the first time the binary calls CreateThread</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">create-thread</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of calls to CreateThread</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">memory-allocations</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of memory allocations</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">get-proc-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of calls to GetProcAddress</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dangling-strings</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of dangling strings (strings with a code cross-reference that is not within a function, i.e. Radare2 failed to detect that function).</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">referenced-strings</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of referenced strings</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">callback-largest</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Largest callback</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">gml</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Graph export in Graph Modelling Language format</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">r2-commit-version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Radare2 commit ID used to generate this object</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the r2graphity object</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">miss-api</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of API call references that do not resolve to a function offset</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">total-api</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Total amount of API calls</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">unknown-references</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of API calls not ending in a function (Radare2 bug, probably)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">refsglobalvar</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of API calls outside of code section (glob var, dynamic API)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">local-references</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of API calls inside a code section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">total-functions</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Total amount of functions in the file.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">not-referenced-strings</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">counter</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Amount of not referenced strings</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-functions</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Ratio: amount of functions per kilobyte of code section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-api</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Ratio: amount of API calls per kilobyte of code section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ratio-string</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Ratio: amount of referenced strings per kilobyte of code section</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_regexp"><a class="anchor" href="#_regexp"></a><a class="link" href="#_regexp">regexp</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how they can be represented as a regular expression.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
regexp is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/regexp/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the regular expression.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">regexp-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of the regular expression syntax. ['PCRE', 'PCRE2', 'POSIX BRE', 'POSIX ERE']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">regexp</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The regular expression itself, written in the syntax named by regexp-type.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Specify which type corresponds to this regex. ['hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'url', 'user-agent', 'regkey', 'cookie', 'uri', 'filename', 'windows-service-name', 'windows-scheduled-task']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_registry_key"><a class="anchor" href="#_registry_key"></a><a class="link" href="#_registry_key">registry-key</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Registry key object describing a Windows registry key with value and last-modified timestamp.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
registry-key is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/registry-key/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-modified</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time the registry key was modified</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">data-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registry value type ['REG_NONE', 'REG_SZ', 'REG_EXPAND_SZ', 'REG_BINARY', 'REG_DWORD', 'REG_DWORD_LITTLE_ENDIAN', 'REG_DWORD_BIG_ENDIAN', 'REG_LINK', 'REG_MULTI_SZ', 'REG_RESOURCE_LIST', 'REG_FULL_RESOURCE_DESCRIPTOR', 'REG_RESOURCE_REQUIREMENTS_LIST', 'REG_QWORD', 'REG_QWORD_LITTLE_ENDIAN']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">data</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Data stored in the registry key</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of the registry key</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">key</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">regkey</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full key path</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hive</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Hive used to store the registry key (file on disk)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">root-keys</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Root key of the Windows registry (extracted from the key) ['HKCC', 'HKCR', 'HKCU', 'HKDD', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_CURRENT_USER', 'HKEY_DYN_DATA', 'HKEY_LOCAL_MACHINE', 'HKEY_PERFORMANCE_DATA', 'HKEY_USERS', 'HKLM', 'HKPD', 'HKU']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_report"><a class="anchor" href="#_report"></a><a class="link" href="#_report">report</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Metadata used to generate an executive level report.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
report is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/report/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">summary</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text summary of the report</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">case-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Case number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_rtir"><a class="anchor" href="#_rtir"></a><a class="link" href="#_rtir">rtir</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>RTIR - Request Tracker for Incident Response.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
rtir is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/rtir/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">classification</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Classification of the RTIR ticket</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IPs automatically extracted from the RTIR ticket</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">constituency</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Constituency of the RTIR ticket</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">queue</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Queue of the RTIR ticket ['incident', 'investigations', 'blocks', 'incident reports']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subject</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Subject of the RTIR ticket</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">status</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Status of the RTIR ticket ['new', 'open', 'stalled', 'resolved', 'rejected', 'deleted']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ticket-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Ticket number of the RTIR ticket</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_sandbox_report"><a class="anchor" href="#_sandbox_report"></a><a class="link" href="#_sandbox_report">sandbox-report</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Sandbox report.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
sandbox-report is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/sandbox-report/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">permalink</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Permalink reference</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">score</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Score</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">results</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Freetext result values</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">raw-report</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw report from sandbox</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sandbox-type</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The type of sandbox used ['on-premise', 'web', 'saas']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">on-premise-sandbox</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The on-premise sandbox used ['cuckoo', 'symantec-cas-on-premise', 'bluecoat-maa', 'trendmicro-deep-discovery-analyzer', 'fireeye-ax', 'vmray', 'joe-sandbox-on-premise']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">web-sandbox</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A web sandbox where results are publicly available via a URL ['malwr', 'hybrid-analysis']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">saas-sandbox</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A sandbox that is not on-premise and whose results are not publicly available ['forticloud-sandbox', 'joe-sandbox-cloud', 'symantec-cas-cloud']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_sb_signature"><a class="anchor" href="#_sb_signature"></a><a class="link" href="#_sb_signature">sb-signature</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Sandbox detection signature.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
sb-signature is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/sb-signature/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">software</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of Sandbox software</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">signature</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name of detection signature - set the description of the detection signature as a comment</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Additional signature description</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Datetime</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_script"><a class="anchor" href="#_script"></a><a class="link" href="#_script">script</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as a support tool for threat analysts.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
script is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/script/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">script</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text of the script.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment associated with the script.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">language</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Scripting language used for the script. ['PowerShell', 'VBScript', 'Bash', 'Lua', 'JavaScript', 'AppleScript', 'AWK', 'Python', 'Perl', 'Ruby', 'Winbatch', 'AutoIt']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Filename used for the script.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">state</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Known state of the script. ['Malicious', 'Unknown', 'Harmless', 'Trusted']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_shortened_link"><a class="anchor" href="#_shortened_link"></a><a class="link" href="#_shortened_link">shortened-link</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Shortened link and its redirect target.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
shortened-link is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/shortened-link/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time this shortened URL has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">redirect-url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Redirected to URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">shortened-url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Shortened URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full domain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">credential</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Credential (username, password)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description and context of the shortened URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_ss7_attack"><a class="anchor" href="#_ss7_attack"></a><a class="link" href="#_ss7_attack">ss7-attack</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>SS7 object describing an attack seen on a GSM, UMTS or LTE network via SS7 logging.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
ss7-attack is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/ss7-attack/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">Category</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Category ['Cat0', 'Cat1', 'Cat2.1', 'Cat2.2', 'Cat3.1', 'Cat3.2', 'Cat3.3', 'CatSMS', 'CatSpoofing']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapVersion</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Map version. ['1', '2', '3']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCgGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) CgGT - Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCdGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) CdGT - Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCgPC</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) CgPC - Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCdPC</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) CdPC - Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCgSSN</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) - Decimal value between 0-255.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">SccpCdSSN</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Signaling Connection Control Part (SCCP) - Decimal value between 0-255.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapOpCode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP operation codes - Decimal value between 0-99.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapApplicationContext</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP application context in OID format.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapImsi</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP IMSI. Phone number starting with MCC/MNC.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapMsisdn</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP MSISDN. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapMscGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP MSC GT. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapGsmscfGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP GSMSCF GT. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapVlrGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP VLR GT. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapGmlc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP GMLC. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmscGT</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMSC. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmsTP-OA</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMS TP-OA. Phone number.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmsText</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMS Text. Important indicators in SMS text.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmsTP-PID</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMS TP-PID.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmsTP-DCS</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMS TP-DCS.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapSmsTypeNumber</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP SMS TypeNumber.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapUssdContent</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP USSD Content.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">MapUssdCoding</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>MAP USSD Coding.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the attack seen via SS7 logging.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the attack has been seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_stix2_pattern"><a class="anchor" href="#_stix2_pattern"></a><a class="link" href="#_stix2_pattern">stix2-pattern</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how they can be represented as a STIX pattern.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
stix2-pattern is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/stix2-pattern/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the stix2-pattern.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">stix2-pattern</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">stix2-pattern</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>STIX 2 pattern</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Version of STIX 2 pattern. ['stix 2.0']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_suricata"><a class="anchor" href="#_suricata"></a><a class="link" href="#_suricata">suricata</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing a Suricata rule along with its version and context.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
suricata is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/suricata/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the Suricata rule.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">suricata</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">suricata</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Suricata rule.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Version of the Suricata rule, depending on where the Suricata rule is known to work as expected.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ref</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Reference to the Suricata rule, such as the origin of the rule or similar.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_target_system"><a class="anchor" href="#_target_system"></a><a class="link" href="#_target_system">target-system</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Description of a targeted system; this could potentially be a compromised internal system.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
target-system is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/target-system/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">targeted_machine</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-machine</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Targeted system</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">targeted_ip_of_system</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Targeted system IP address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp_seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registered date and time</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_timecode"><a class="anchor" href="#_timecode"></a><a class="link" href="#_timecode">timecode</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Timecode object to describe the start of a video sequence (e.g. CCTV evidence) and the end of the video sequence.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
timecode is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/timecode/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the video sequence</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">start-marker-timecode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Start marker timecode in the format hh:mm:ss;ff</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">end-marker-timecode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>End marker timecode in the format hh:mm:ss;ff</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">start-timecode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Start marker timecode in the format hh:mm:ss.mms</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">end-timecode</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>End marker timecode in the format hh:mm:ss.mms</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">recording-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Date of recording of the video sequence</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_timesketch_timeline"><a class="anchor" href="#_timesketch_timeline"></a><a class="link" href="#_timesketch_timeline">timesketch-timeline</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A timesketch timeline object based on the mandatory fields in timesketch to describe a log entry.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
timesketch-timeline is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/timesketch-timeline/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">message</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Informative message of the event</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp-microsec</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the log entry was seen in microseconds since Unix epoch</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp_desc</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Text explaining what type of timestamp it is</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the log entry was seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_timestamp"><a class="anchor" href="#_timestamp"></a><a class="link" href="#_timestamp">timestamp</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>A generic timestamp object to represent time, including the first time and last time seen. The relationship will then define the kind of time relationship.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
timestamp is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/timestamp/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the time object.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">precision</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Timestamp precision represents the precision given to first_seen and/or last_seen in this object. ['year', 'month', 'day', 'hour', 'minute', 'full']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time that the linked object or attribute has been seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time that the linked object or attribute has been seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_tor_node"><a class="anchor" href="#_tor_node"></a><a class="link" href="#_tor_node">tor-node</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Description of a Tor node (Tor protects your privacy on the internet by hiding the connection between a user’s Internet address and the services used by that user) that is part of the Tor network at a given time.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
tor-node is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/tor-node/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Tor node description.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">nickname</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>router’s nickname.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">fingerprint</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>router’s fingerprint.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Tor node comment.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP address of the Tor node seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">flags</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>List of flags associated with the node.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Parsed version of Tor; this is None if the relay is using a new versioning scheme.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version_line</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>versioning information reported by the node.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">published</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>router’s publication time. This can be different from first-seen and last-seen.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the Tor node designated by the IP address has been seen for the last time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>When the Tor node designated by the IP address has been seen for the first time.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">document</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw document from the consensus.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_transaction"><a class="anchor" href="#_transaction"></a><a class="link" href="#_transaction">transaction</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object to describe a financial transaction.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
transaction is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/transaction/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">transaction-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A unique number identifying a transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">location</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Location where the transaction took place.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">transmode-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>How the transaction was conducted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">transmode-comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment describing transmode-code, if needed.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">teller</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Person who conducted the transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">authorized</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Person who authorized the transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Date and time of the transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">amount</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The value of the transaction in local currency.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">date-posting</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Date of posting, if different from date of transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">from-funds-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of funds used to initiate a transaction. ['A Deposit', 'C Currency exchange', 'D Casino chips', 'E Bank draft', 'F Money order', 'G Traveler’s cheques', 'H Life insurance policy', 'I Real estate', 'J Securities', 'K Cash', 'O Other', 'P Cheque']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">to-funds-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Type of funds used to finalize a transaction. ['A Deposit', 'C Currency exchange', 'D Casino chips', 'E Bank draft', 'F Money order', 'G Traveler’s cheques', 'H Life insurance policy', 'I Real estate', 'J Securities', 'K Cash', 'O Other', 'P Cheque']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">from-country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Origin country of a transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">to-country</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Target country of a transaction.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_url"><a class="anchor" href="#_url"></a><a class="link" href="#_url">url</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>url object describes a URL along with its normalized field (such as that extracted using the faup parsing library) and its metadata.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
url is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/url/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">fragment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Fragment identifier is a short string of characters that refers to a resource that is subordinate to another, primary resource.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">tld</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Top-Level Domain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Port number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">scheme</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Scheme ['http', 'https', 'ftp', 'gopher', 'sip']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time this URL has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">resource_path</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Path (between hostname:port and query)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">query_string</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Query (after path, preceded by '?')</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain_without_tld</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Domain without Top-Level Domain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full domain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subdomain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Subdomain</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">credential</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Credential (username, password)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the URL</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-seen</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last time this URL has been seen</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">host</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full hostname</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_victim"><a class="anchor" href="#_victim"></a><a class="link" href="#_victim">victim</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Victim object describes the target of an attack or abuse.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
victim is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/victim/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the victim</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-org</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The name of the department(s) or organisation(s) targeted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">external</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-external</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>External target organisations affected by this attack.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">classification</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The type of entity being targeted. ['individual', 'group', 'organization', 'class', 'unknown']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">roles</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The list of roles targeted within the victim.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">sectors</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The list of sectors that the victim belongs to. ['agriculture', 'aerospace', 'automotive', 'communications', 'construction', 'defence', 'education', 'energy', 'engineering', 'entertainment', 'financial services', 'government national', 'government regional', 'government local', 'government public services', 'healthcare', 'hospitality leisure', 'infrastructure', 'insurance', 'manufacturing', 'mining', 'non profit', 'pharmaceuticals', 'retail', 'technology', 'telecommunications', 'transportation', 'utilities']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">regions</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-location</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The list of regions or locations of the victim that were targeted. ISO 3166 should be used.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">user</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-user</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The username(s) of the user targeted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">email</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-email</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The email address(es) of the user targeted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">node</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">target-machine</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Name(s) of the node that was targeted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-dst</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP address(es) of the node targeted.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_virustotal_report"><a class="anchor" href="#_virustotal_report"></a><a class="link" href="#_virustotal_report">virustotal-report</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>VirusTotal report.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
virustotal-report is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/virustotal-report/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">community-score</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Community Score</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">detection-ratio</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Detection Ratio</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">first-submission</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First Submission</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">last-submission</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last Submission</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">permalink</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Permalink Reference</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment related to this hash</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_vulnerability"><a class="anchor" href="#_vulnerability"></a><a class="link" href="#_vulnerability">vulnerability</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Vulnerability object describing a common vulnerability enumeration, which can describe an unpublished, under-review or embargoed vulnerability for software, equipment or hardware.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
vulnerability is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/vulnerability/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">id</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerability</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Vulnerability ID (generally CVE, but not necessarily). The id is not required as the object itself has a UUID and the CVE id can be updated later.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Description of the vulnerability</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">summary</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Summary of the vulnerability</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerable_configuration</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>The vulnerable configuration is described in CPE format</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">modified</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last modification date</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">published</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Initial publication date</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">created</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>First time when the vulnerability was discovered</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">references</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>External references</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">state</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>State of the vulnerability. A vulnerability can have multiple states depending on the current actions performed. ['Published', 'Embargo', 'Reviewed', 'Vulnerability ID Assigned', 'Reported', 'Fixed']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_whois"><a class="anchor" href="#_whois"></a><a class="link" href="#_whois">whois</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Whois records information for a domain name or an IP address.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
whois is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/whois/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Full whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registrar</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrar</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registrar of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-name</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registrant name</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-phone</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-phone</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registrant phone number</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-email</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-email</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registrant email address</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">registrant-org</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whois-registrant-org</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Registrant organisation</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">creation-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Initial creation of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">modification-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Last update of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">expiration-date</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Expiration of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">nameserver</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">hostname</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Nameserver</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">domain</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Domain of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Comment of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-address</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">ip-src</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>IP address of the whois entry</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_x509"><a class="anchor" href="#_x509"></a><a class="link" href="#_x509">x509</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>x509 object describing an X.509 certificate.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
x509 is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/x509/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subject</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Subject of the certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-algorithm</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Algorithm of the public key</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-size</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Length of the public key (in bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-exponent</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Exponent of the public key</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pubkey-info-modulus</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Modulus of the public key</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-md5</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] MD5 hash (128 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha1</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>[Insecure] Secure Hash Algorithm 1 (160 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">x509-fingerprint-sha256</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Secure Hash Algorithm 2 (256 bits)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">raw-base64</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw certificate base64 encoded (DER format)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">pem</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Raw certificate in PEM format (Unix-like newlines)</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Free text description of the certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">validity-not-before</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Certificate invalid before that date</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">validity-not-after</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Certificate invalid after that date</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">issuer</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Issuer of the certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">serial-number</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Serial number of the certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Version of the certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">self_signed</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Self-signed certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">is_ca</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>CA certificate</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dns_names</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>DNS names</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_yabin"><a class="anchor" href="#_yabin"></a><a class="link" href="#_yabin">yabin</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: <a href="https://github.com/AlienVault-OTX/yabin" class="bare">https://github.com/AlienVault-OTX/yabin</a>.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
yabin is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/yabin/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>yabin.py and regex.txt version used for the generation of the yara rules.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the Yara rule generated.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">whitelist</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Whitelist name used to generate the rules.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara-hunt</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Wide yara rule generated from -yh.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Yara rule generated from -y.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_yara"><a class="anchor" href="#_yara"></a><a class="link" href="#_yara">yara</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>An object describing a YARA rule along with its version.</p>
|
||
</div>
|
||
<div class="admonitionblock note">
|
||
<table>
|
||
<tr>
|
||
<td class="icon">
|
||
<i class="fa icon-note" title="Note"></i>
|
||
</td>
|
||
<td class="content">
|
||
yara is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/yara/definition.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
<col style="width: 25%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>A description of the YARA rule.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">yara</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>YARA rule.</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">version</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Version of the YARA rule, depending on where the YARA rule is known to work as expected. ['3.7.1']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">context</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p>Context where the YARA rule can be applied ['all', 'disk', 'memory', 'network']</p>
|
||
</div></div></td>
|
||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||
</div></div></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="sect1">
|
||
<h2 id="_relationships"><a class="anchor" href="#_relationships"></a><a class="link" href="#_relationships">Relationships</a></h2>
|
||
<div class="sectionbody">
|
||
<div class="paragraph">
|
||
<p>Default type of relationships in MISP objects.</p>
|
||
</div>
|
||
<div class="paragraph">
|
||
<p>Relationships are part of MISP objects and are available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/relationships/definition.json">this location</a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.</p>
|
||
</div>
|
||
<table class="tableblock frame-all grid-all stretch">
|
||
<colgroup>
|
||
<col style="width: 33.3333%;">
|
||
<col style="width: 33.3333%;">
|
||
<col style="width: 33.3334%;">
|
||
</colgroup>
|
||
<thead>
|
||
<tr>
|
||
<th class="tableblock halign-left valign-top">Name of relationship</th>
|
||
<th class="tableblock halign-left valign-top">Description</th>
|
||
<th class="tableblock halign-left valign-top">Format</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">derived-from</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The information in the target object is based on information from the source object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">duplicate-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source and target objects are semantic duplicates of each other.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">related-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is related to the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">connected-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is connected to the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">contains</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source contains the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">resolved-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is resolved to the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attributed-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is attributed to the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">targets</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes that the source object targets the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">uses</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the use by the source object of the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">indicates</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes that the source object indicates the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">mitigates</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which mitigates the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">variant-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which is a variant of the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">impersonates</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which impersonates the target object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">authored-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the author of a specific object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">located</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the location (of any type) of a specific object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">included-in</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object included in another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">analysed-with</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object analysed by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">claimed-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object claimed by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">communicates-with</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object communicating with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">dropped-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object dropped by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">drops</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which drops another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">executed-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object executed by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">affects</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object affected by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">beacons-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object beaconing to another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">abuses</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which abuses another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">exfiltrates-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object exfiltrating to another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">identifies</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which identifies another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">intercepts</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which intercepts another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">calls</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which calls another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">detected-as</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is detected as another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">followed-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is followed by another object. This can be used when a time reference is missing but a sequence is known.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">preceding-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is preceded by another object. This can be used when a time reference is missing but a sequence is known.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">triggers</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which triggers another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerability-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a vulnerability of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">works-like</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which works like another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">seller-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is selling another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">seller-on</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is selling on another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">trying-to-obtain-the-exploit</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is trying to obtain the exploit described by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">used-by</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is used by another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">affiliated</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is affiliated with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">alleged-founder-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is the alleged founder of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">attacking-other-group</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which attacks another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">belongs-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which belongs to another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">business-relations</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which has business relations with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">claims-to-be-the-founder-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which claims to be the founder of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">cooperates-with</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which cooperates with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">former-member-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a former member of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">successor-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a successor of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">has-joined</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which has joined another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">member-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a member of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">primary-member-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a primary member of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">administrator-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is an administrator of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">is-in-relation-with</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is in relation with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">provide-support-to</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which provides support to another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">regional-branch</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a regional branch of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">similar</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is similar to another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">subgroup</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a subgroup of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">suspected-link</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is suspected to be linked with another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">same-as</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is the same as another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">creator-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is the creator of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">developer-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is a developer of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">uses-for-recon</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which uses another object for recon.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">operator-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which is an operator of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">overlaps</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which overlaps another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">owner-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which owns another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">publishes-method-for</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which publishes a method for another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">recommends-use-of</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which recommends the use of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">released-source-code</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which released source code of another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
<tr>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">released</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which released another object.</p></td>
|
||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div id="footer">
|
||
<div id="footer-text">
|
||
Last updated 2018-06-19 22:09:32 CEST
|
||
</div>
|
||
</div>
|
||
</body>
|
||
</html> |