MISP Attributes to STIX 2.0 mapping
MISP Attributes are the actual raw data used by analysts to describe the IoCs and observed data related to a specific event (which could be an actual threat report, an IP watchlist, etc.)
Thus, in most of the cases, a MISP Attribute is exported to STIX as Indicator if its to_ids flag is set, or as Observable if its to_ids flag is false. But there are also some other examples where MISP attributes are exported neither as indicator nor as observable, this documentation gives all the details about the single attributes mapping into STIX objects, depending on the type of the attributes.
As we can see in the detailed Events mapping documentation, attributes within their event are exported in different STIX 2.0 objects embedded in a STIX Bundle. Those objects’ references are also embedded within the report object_refs field.
For the rest of this documentation, we will then, in order to keep the content clear enough and to skip the irrelevant part, consider the followings:
- Attributes are exported as Indicator or Observed Data objects in most of the cases depending on the
to_idsflag:- If an attribute is associated with an Indicator object, it means it is exported with the
to_idsflag set toTrue. - If there is an Observed Data with the attribute, it means it is exported with the
to_idsflag unset (False). - If neither an Indicator nor an Observed Data object is documented for a given attribute, the
to_idsflag does not matter because the attribute is never going to be exported as Indicator nor Observed Data.
- If an attribute is associated with an Indicator object, it means it is exported with the
Current mapping
- AS
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "AS", "category": "Network activity", "timestamp": "1603642920", "value": "AS174" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[autonomous-system:number = '174']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "autonomous-system", "number": 174 } }, "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "autonomous-system", "number": 174 } }, "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- attachment
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "attachment", "category": "Payload delivery", "value": "attachment.test", "data": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'attachment.test' AND file:content_ref.payload_bin = 'ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "name": "attachment.test", "content_ref": "1" }, "1": { "type": "artifact", "payload_bin": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK" } }, "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "name": "attachment.test", "content_ref": "1" }, "1": { "type": "artifact", "payload_bin": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK" } }, "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- authentihash
- MISP
{ "type": "authentihash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "AUTHENTIHASH test attribute", "value": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "AUTHENTIHASH test attribute", "pattern": "[file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" } } }, "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- campaign-name
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "campaign-name", "category": "Attribution", "value": "MartyMcFly", "timestamp": "1603642920" } - STIX
- Campaign
{ "type": "campaign", "id": "campaign--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "MartyMcFly", "labels": [ "misp:type=\"campaign-name\"", "misp:category=\"Attribution\"" ] }
- Campaign
- MISP
- domain
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain", "category": "Network activity", "value": "circl.lu", "timestamp": "1603642920", "comment": "Domain test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain test attribute", "pattern": "[domain-name:value = 'circl.lu']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" } }, "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" } }, "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
-
domain ip - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain|ip", "category": "Network activity", "value": "circl.lu|149.13.33.14", "timestamp": "1603642920", "comment": "Domain|ip test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain|ip test attribute", "pattern": "[domain-name:value = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "1" ] }, "1": { "type": "ipv4-addr", "value": "149.13.33.14" } }, "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "1" ] }, "1": { "type": "ipv4-addr", "value": "149.13.33.14" } }, "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- email
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email", "category": "Payload delivery", "value": "address@email.test", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-addr:value = 'address@email.test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-addr", "value": "address@email.test" } }, "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-addr", "value": "address@email.test" } }, "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-attachment
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-attachment", "category": "Payload delivery", "value": "email_attachment.test", "timestamp": "1603642920", "comment": "Email attachment test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Email attachment test attribute", "pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'email_attachment.test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": true, "body_multipart": [ { "body_raw_ref": "1", "content_disposition": "attachment; filename='email_attachment.test'" } ] }, "1": { "type": "file", "name": "email_attachment.test" } }, "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": true, "body_multipart": [ { "body_raw_ref": "1", "content_disposition": "attachment; filename='email_attachment.test'" } ] }, "1": { "type": "file", "name": "email_attachment.test" } }, "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-body
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-body", "category": "Payload delivery", "value": "Email body test", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:body = 'Email body test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "body": "Email body test" } }, "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "body": "Email body test" } }, "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-dst
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "email-dst", "category": "Payload delivery", "value": "dst@email.test", "timestamp": "1603642920", "comment": "Destination email address test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination email address test attribute", "pattern": "[email-message:to_refs[*].value = 'dst@email.test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "to_refs": [ "1" ] }, "1": { "type": "email-addr", "value": "dst@email.test" } }, "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "to_refs": [ "1" ] }, "1": { "type": "email-addr", "value": "dst@email.test" } }, "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-header
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-header", "category": "Payload delivery", "value": "from mail.example.com ([198.51.100.3]) by smtp.gmail.com", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:received_lines = 'from mail.example.com ([198.51.100.3]) by smtp.gmail.com']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "received_lines": [ "from mail.example.com ([198.51.100.3]) by smtp.gmail.com" ] } }, "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "received_lines": [ "from mail.example.com ([198.51.100.3]) by smtp.gmail.com" ] } }, "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-reply-to
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "email-reply-to", "category": "Payload delivery", "value": "reply-to@email.test", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.reply_to = 'reply-to@email.test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "additional_header_fields": { "Reply-To": "reply-to@email.test" } } }, "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "additional_header_fields": { "Reply-To": "reply-to@email.test" } } }, "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-src
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-src", "category": "Payload delivery", "value": "src@email.test", "timestamp": "1603642920", "comment": "Source email address test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source email address test attribute", "pattern": "[email-message:from_ref.value = 'src@email.test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "from_ref": "1" }, "1": { "type": "email-addr", "value": "src@email.test" } }, "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "from_ref": "1" }, "1": { "type": "email-addr", "value": "src@email.test" } }, "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-subject
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "email-subject", "category": "Payload delivery", "value": "Test Subject", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:subject = 'Test Subject']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "subject": "Test Subject" } }, "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "subject": "Test Subject" } }, "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- email-x-mailer
- MISP
{ "uuid": "f09d8496-e2ba-4250-878a-bec9b85c7e96", "type": "email-x-mailer", "category": "Payload delivery", "value": "Email X-Mailer test", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.x_mailer = 'Email X-Mailer test']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "additional_header_fields": { "X-Mailer": "Email X-Mailer test" } } }, "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": false, "additional_header_fields": { "X-Mailer": "Email X-Mailer test" } } }, "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- filename
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename", "category": "Payload delivery", "value": "test_file_name", "timestamp": "1603642920", "comment": "Filename test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename test attribute", "pattern": "[file:name = 'test_file_name']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "name": "test_file_name" } }, "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "name": "test_file_name" } }, "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename authentihash - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename|authentihash", "category": "Payload delivery", "value": "filename8|b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "timestamp": "1603642920", "comment": "Filename|authentihash test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|authentihash test attribute", "pattern": "[file:name = 'filename8' AND file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" }, "name": "filename8" } }, "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename imphash - MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "filename|imphash", "category": "Payload delivery", "value": "filename9|68f013d7437aa653a8a98a05807afeb1", "timestamp": "1603642920", "comment": "Filename|imphash test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|imphash test attribute", "pattern": "[file:name = 'filename9' AND file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" }, "name": "filename9" } }, "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename md5 - MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "filename|md5", "category": "Payload delivery", "value": "filename1|b2a5abfeef9e36964281a31e17b57c97", "timestamp": "1603642920", "comment": "Filename|md5 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|md5 test attribute", "pattern": "[file:name = 'filename1' AND file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" }, "name": "filename1" } }, "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" }, "name": "filename1" } }, "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename pehash - MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|pehash", "category": "Payload delivery", "value": "filename10|ffb7a38174aab4744cc4a509e34800aee9be8e57", "timestamp": "1603642920", "comment": "Filename|pehash test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|pehash test attribute", "pattern": "[file:name = 'filename10' AND file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" }, "name": "filename10" } }, "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha1 - MISP
{ "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "type": "filename|sha1", "category": "Payload delivery", "value": "filename2|2920d5e6c579fce772e5506caf03af65579088bd", "timestamp": "1603642920", "comment": "Filename|sha1 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha1 test attribute", "pattern": "[file:name = 'filename2' AND file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" }, "name": "filename2" } }, "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" }, "name": "filename2" } }, "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha224 - MISP
{ "uuid": "90bd7dae-b78c-4025-9073-568950c780fb", "type": "filename|sha224", "category": "Payload delivery", "value": "filename3|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "timestamp": "1603642920", "comment": "Filename|sha224 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha224 test attribute", "pattern": "[file:name = 'filename3' AND file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename3" } }, "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename3" } }, "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha256 - MISP
{ "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf", "type": "filename|sha256", "category": "Payload delivery", "value": "filename4|7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "timestamp": "1603642920", "comment": "Filename|sha256 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha256 test attribute", "pattern": "[file:name = 'filename4' AND file:hashes.SHA256 = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" }, "name": "filename4" } }, "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha3-224 - MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-224", "category": "Payload delivery", "value": "testfile.name|3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618", "timestamp": "1603642920", "comment": "Filename|sha3-224 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-224 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3224 = '3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-224": "3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618" }, "name": "testfile.name" } }, "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha3-256 - MISP
{ "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "type": "filename|sha3-256", "category": "Payload delivery", "value": "filename14|39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "timestamp": "1603642920", "comment": "Filename|sha3-256 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-256 test attribute", "pattern": "[file:name = 'filename14' AND file:hashes.SHA3256 = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" }, "name": "filename14" } }, "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" }, "name": "filename5" } }, "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha3-384 - MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-384", "category": "Payload delivery", "value": "testfile.name|93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "timestamp": "1603642920", "comment": "Filename|sha3-384 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-384 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3384 = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" }, "name": "testfile.name" } }, "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha3-512 - MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-512", "category": "Payload delivery", "value": "testfile.name|fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "timestamp": "1603642920", "comment": "Filename|sha3-512 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-512 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3512 = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" }, "name": "testfile.name" } }, "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha384 - MISP
{ "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f", "type": "filename|sha384", "category": "Payload delivery", "value": "filename5|ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "timestamp": "1603642920", "comment": "Filename|sha384 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha384 test attribute", "pattern": "[file:name = 'filename5' AND file:hashes.SHA384 = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" }, "name": "filename5" } }, "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" }, "name": "filename6" } }, "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha512 - MISP
{ "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e", "type": "filename|sha512", "category": "Payload delivery", "value": "filename6|28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "timestamp": "1603642920", "comment": "Filename|sha512 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512 test attribute", "pattern": "[file:name = 'filename6' AND file:hashes.SHA512 = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" }, "name": "filename6" } }, "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha512/224 - MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "filename|sha512/224", "category": "Payload delivery", "value": "filename11|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "timestamp": "1603642920", "comment": "Filename|sha512/224 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/224 test attribute", "pattern": "[file:name = 'filename11' AND file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename11" } }, "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename sha512/256 - MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "filename|sha512/256", "category": "Payload delivery", "value": "filename11|82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "timestamp": "1603642920", "comment": "Filename|sha512/256 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/256 test attribute", "pattern": "[file:name = 'filename11' AND file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" }, "name": "filename11" } }, "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" }, "name": "filename4" } }, "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename ssdeep - MISP
{ "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff", "type": "filename|ssdeep", "category": "Payload delivery", "value": "filename7|96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "timestamp": "1603642920", "comment": "Filename|ssdeep test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|ssdeep test attribute", "pattern": "[file:name = 'filename7' AND file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "ssdeep": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" }, "name": "filename7" } }, "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "ssdeep": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" }, "name": "filename7" } }, "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename tlsh - MISP
{ "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b", "type": "filename|tlsh", "category": "Payload delivery", "value": "filename12|c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "timestamp": "1603642920", "comment": "Filename|tlsh test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|tlsh test attribute", "pattern": "[file:name = 'filename12' AND file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" }, "name": "filename12" } }, "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" }, "name": "filename8" } }, "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
-
filename vhash - MISP
{ "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "type": "filename|vhash", "category": "Payload delivery", "value": "filename13|115056655d15151138z66hz1021z55z66z3", "timestamp": "1603642920", "comment": "Filename|vhash test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|vhash test attribute", "pattern": "[file:name = 'filename13' AND file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" }, "name": "filename13" } }, "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- github-username
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "github-username", "category": "Social network", "value": "chrisr3d", "timestamp": "1603642920", "comment": "Github username test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Github username test attribute", "pattern": "[user-account:account_type = 'github' AND user-account:account_login = 'chrisr3d']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Social network" } ], "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"", "misp:to_ids=\"True\"" ] } - Observed_data
{ "type": "x-misp-attribute", "id": "x-misp-attribute--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"" ], "x_misp_category": "Social network", "x_misp_comment": "Github username test attribute", "x_misp_type": "github-username", "x_misp_value": "chrisr3d" }
- Indicator
- MISP
- hostname
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname", "category": "Network activity", "value": "circl.lu", "timestamp": "1603642920", "comment": "Hostname test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname test attribute", "pattern": "[domain-name:value = 'circl.lu']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" } }, "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" } }, "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
-
hostname port - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname|port", "category": "Network activity", "value": "circl.lu|8443", "timestamp": "1603642920", "comment": "Hostname|port test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname|port test attribute", "pattern": "[domain-name:value = 'circl.lu' AND network-traffic:dst_port = '8443']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" }, "1": { "type": "network-traffic", "dst_ref": "0", "dst_port": 8443, "protocols": [ "tcp" ] } }, "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu" }, "1": { "type": "network-traffic", "dst_ref": "0", "dst_port": 8443, "protocols": [ "tcp" ] } }, "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- http-method
- MISP
{ "uuid": "d94bdd2c-3603-4044-8b70-20090e7526ad", "type": "http-method", "category": "Network activity", "value": "POST", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--d94bdd2c-3603-4044-8b70-20090e7526ad", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_method = 'POST']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Indicator
- MISP
- imphash
- MISP
{ "type": "imphash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "IMPHASH test attribute", "value": "68f013d7437aa653a8a98a05807afeb1", "uuid": "518b4bcb-a86b-4783-9457-391d548b605b" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "IMPHASH test attribute", "pattern": "[file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" } } }, "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- ip-dst
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst", "category": "Network activity", "value": "5.6.7.8", "timestamp": "1603642920", "comment": "Destination IP test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "dst_ref": "1", "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "dst_ref": "1", "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
-
ip-dst port - MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst|port", "category": "Network activity", "value": "5.6.7.8|5678", "timestamp": "1603642920", "comment": "Destination IP | Port test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP | Port test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8' AND network-traffic:dst_port = '5678']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "dst_ref": "1", "dst_port": 5678, "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "dst_ref": "1", "dst_port": 5678, "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- ip-src
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src", "category": "Network activity", "value": "1.2.3.4", "timestamp": "1603642920", "comment": "Source IP test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" } }, "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" } }, "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
-
ip-src port - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src|port", "category": "Network activity", "value": "1.2.3.4|1234", "timestamp": "1603642920", "comment": "Source IP | Port test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP | Port test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4' AND network-traffic:src_port = '1234']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "src_port": 1234, "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" } }, "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "src_port": 1234, "protocols": [ "tcp" ] }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" } }, "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- link
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "link", "category": "External analysis", "value": "https://misp-project.org/download/", "timestamp": "1603642920", "comment": "Link test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Link test attribute", "pattern": "[url:value = 'https://misp-project.org/download/']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "url", "value": "https://misp-project.org/download/" } }, "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }
- Indicator
- MISP
- mac-address
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mac-address", "category": "Payload delivery", "value": "12:34:56:78:90:AB", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[mac-addr:value = '12:34:56:78:90:AB']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "mac-addr", "value": "12:34:56:78:90:ab" } }, "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "mac-addr", "value": "12:34:56:78:90:ab" } }, "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- malware-sample
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "malware-sample", "category": "Payload delivery", "value": "oui|8764605c6f388c89096b534d33565802", "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "timestamp": "1603642920", "comment": "Malware Sample test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Malware Sample test attribute", "pattern": "[file:name = 'oui' AND file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.mime_type = 'application/zip']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "name": "oui", "content_ref": "1" }, "1": { "type": "artifact", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==" } }, "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "name": "oui", "content_ref": "1" }, "1": { "type": "artifact", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==" } }, "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- md5
- MISP
{ "type": "md5", "category": "Payload delivery", "timestamp": "1603642920", "comment": "MD5 test attribute", "value": "b2a5abfeef9e36964281a31e17b57c97", "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "MD5 test attribute", "pattern": "[file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" } } }, "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" } } }, "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- mutex
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mutex", "category": "Artifacts dropped", "value": "MutexTest", "timestamp": "1603642920", "comment": "Mutex test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Mutex test attribute", "pattern": "[mutex:name = 'MutexTest']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "mutex", "name": "MutexTest" } }, "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "mutex", "name": "MutexTest" } }, "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }
- Indicator
- MISP
- pehash
- MISP
{ "type": "pehash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "PEHASH test attribute", "value": "ffb7a38174aab4744cc4a509e34800aee9be8e57", "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "PEHASH test attribute", "pattern": "[file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" } } }, "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- port
- MISP
{ "uuid": "1af096a0-efa1-4331-9300-a6b5eb4df2e6", "type": "port", "category": "Network activity", "value": "8443", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--1af096a0-efa1-4331-9300-a6b5eb4df2e6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:dst_port = '8443']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Indicator
- MISP
- regkey
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey", "category": "Persistence mechanism", "value": "HKLM\\Software\\mthjk", "timestamp": "1603642920", "comment": "Regkey test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "HKLM\\Software\\mthjk" } }, "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "HKLM\\Software\\mthjk" } }, "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }
- Indicator
- MISP
-
regkey value - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey|value", "category": "Persistence mechanism", "value": "HKLM\\Software\\mthjk|%DATA%\\1234567890", "timestamp": "1603642920", "comment": "Regkey | value test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey | value test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk' AND windows-registry-key:values.data = '\\\\%DATA\\\\%\\\\1234567890']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "HKLM\\Software\\mthjk", "values": [ { "name": "", "data": "%DATA%\\1234567890" } ] } }, "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] } - Obsevred_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "HKLM\\Software\\mthjk", "values": [ { "name": "", "data": "%DATA%\\1234567890" } ] } }, "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] } - Obsevred Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "HKLM\\Software\\mthjk", "values": [ { "name": "", "data": "%DATA%\\1234567890" } ] } }, "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }
- Indicator
- MISP
- sha1
- MISP
{ "type": "sha1", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA1 test attribute", "value": "2920d5e6c579fce772e5506caf03af65579088bd", "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA1 test attribute", "pattern": "[file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" } } }, "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" } } }, "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha224
- MISP
{ "type": "sha224", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA224 test attribute", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "uuid": "90bd7dae-b78c-4025-9073-568950c780fb" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA224 test attribute", "pattern": "[file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } } }, "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } } }, "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha256
- MISP
{ "type": "sha256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA256 test attribute", "value": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA256 test attribute", "pattern": "[file:hashes.SHA256 = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" } } }, "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha3-224
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-224", "category": "Payload delivery", "value": "3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618", "timestamp": "1603642920", "comment": "SHA3-224 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-224 test attribute", "pattern": "[file:hashes.SHA3224 = '3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-224": "3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618" } } }, "labels": [ "misp:type=\"sha3-224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha3-256
- MISP
{ "type": "sha3-256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-256 test attribute", "value": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-256 test attribute", "pattern": "[file:hashes.SHA3256 = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" } } }, "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" } } }, "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha3-384
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-384", "category": "Payload delivery", "value": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "timestamp": "1603642920", "comment": "SHA3-384 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-384 test attribute", "pattern": "[file:hashes.SHA3384 = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" } } }, "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha3-512
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-512", "category": "Payload delivery", "value": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "timestamp": "1603642920", "comment": "SHA3-512 test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-512 test attribute", "pattern": "[file:hashes.SHA3512 = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" } } }, "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha384
- MISP
{ "type": "sha384", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA384 test attribute", "value": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA384 test attribute", "pattern": "[file:hashes.SHA384 = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" } } }, "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" } } }, "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha512
- MISP
{ "type": "sha512", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512 test attribute", "value": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512 test attribute", "pattern": "[file:hashes.SHA512 = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" } } }, "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha512/224
- MISP
{ "type": "sha512/224", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/224 test attribute", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/224 test attribute", "pattern": "[file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } } }, "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- sha512/256
- MISP
{ "type": "sha512/256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/256 test attribute", "value": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/256 test attribute", "pattern": "[file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" } } }, "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" } } }, "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- size-in-bytes
- MISP
{ "uuid": "8be8065b-ca71-4210-976e-2804665a502d", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--8be8065b-ca71-4210-976e-2804665a502d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:size = '1234']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Other" } ], "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"", "misp:to_ids=\"True\"" ] }
- Indicator
- MISP
- ssdeep
- MISP
{ "type": "ssdeep", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SSDEEP test attribute", "value": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SSDEEP test attribute", "pattern": "[file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "ssdeep": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" } } }, "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "ssdeep": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" } } }, "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- telfhash
- MISP
{ "uuid": "4846cade-2492-4e7d-856e-2afcd282455b", "type": "telfhash", "category": "Payload delivery", "timestamp": "1603642920", "value": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b", "comment": "TELFHASH test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TELFHASH test attribute", "pattern": "[file:hashes.TELFHASH = 'b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "TELFHASH": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b" } } }, "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- tlsh
- MISP
{ "type": "tlsh", "category": "Payload delivery", "timestamp": "1603642920", "comment": "TLSH test attribute", "value": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TLSH test attribute", "pattern": "[file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" } } }, "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" } } }, "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- uri
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "uri", "category": "Network activity", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova", "timestamp": "1603642920", "comment": "URI test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URI test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "url", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova" } }, "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- url
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "url", "category": "Network activity", "value": "https://vm.misp-project.org/latest/", "timestamp": "1603642920", "comment": "URL test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URL test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "url", "value": "https://vm.misp-project.org/latest/" } }, "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "url", "value": "https://misp-project.org/download/" } }, "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }
- Indicator
- MISP
- user-agent
- MISP
{ "uuid": "f0b5b638-81b4-4509-bd40-1e114955caf4", "type": "user-agent", "category": "Network activity", "value": "Mozilla Firefox", "timestamp": "1603642920", "comment": "User-agent test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--f0b5b638-81b4-4509-bd40-1e114955caf4", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "User-agent test attribute", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla Firefox']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Indicator
- MISP
- vhash
- MISP
{ "type": "vhash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "VHASH test attribute", "value": "115056655d15151138z66hz1021z55z66z3", "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "VHASH test attribute", "pattern": "[file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" } } }, "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- vulnerability
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "vulnerability", "category": "External analysis", "value": "CVE-2017-11774", "timestamp": "1603642920", "comment": "Vulnerability test attribute" } - STIX
- Vulnerability
{ "type": "vulnerability", "id": "vulnerability--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "CVE-2017-11774", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-11774" } ] }
- Vulnerability
- MISP
- x509-fingerprint-md5
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "x509-fingerprint-md5", "category": "Payload delivery", "value": "8764605c6f388c89096b534d33565802", "timestamp": "1603642920", "comment": "X509 MD5 fingerprint test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 MD5 fingerprint test attribute", "pattern": "[x509-certificate:hashes.MD5 = '8764605c6f388c89096b534d33565802']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" } } }, "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" } } }, "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- x509-fingerprint-sha1
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "x509-fingerprint-sha1", "category": "Payload delivery", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "timestamp": "1603642920", "comment": "X509 SHA1 fingerprint test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA1 fingerprint test attribute", "pattern": "[x509-certificate:hashes.SHA1 = '46aba99aa7158e4609aaa72b50990842fd22ae86']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86" } } }, "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86" } } }, "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
- x509-fingerprint-sha256
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "x509-fingerprint-sha256", "category": "Payload delivery", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "timestamp": "1603642920", "comment": "X509 SHA256 fingerprint test attribute" } - STIX
- Indicator
{ "type": "indicator", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA256 fingerprint test attribute", "pattern": "[x509-certificate:hashes.SHA256 = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } - Observed Data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" } } }, "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"" ] } - Observed_data
{ "type": "observed-data", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" } } }, "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"" ] }
- Indicator
- MISP
Unmapped attribute types
You may have noticed we are very far from having all the attribute types supported. This is due to the various use cases that MISP can be used for.
Nonetheless, every attribute whose type is not in the list, is exported as Custom object.
With the following examples, btc and iban are attribute types that are not mapped, where the other ones:
- are already mentioned above and giving valid STIX 2.0 pattern expressions when their
to_idsflag is set toTrue. - are not providing enough information to produce Observable objects and are then exported as
Customobjects when theirto_idsflag is unset.
Let us see those examples of custom objects exported from attributes:
- btc
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "btc", "category": "Financial fraud", "value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE", "timestamp": "1603642920", "comment": "Btc test attribute", "to_ids": true } - STIX
{ "type": "x-misp-object-btc", "id": "x-misp-object-btc--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"btc\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "Btc test attribute", "x_misp_value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE" }
- MISP
- http-method
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "http-method", "category": "Network activity", "value": "POST", "timestamp": "1603642920", "to_ids": false } - STIX
{ "type": "x-misp-object-http-method", "id": "x-misp-object-http-method--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "POST" }
- MISP
- iban
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "iban", "category": "Financial fraud", "value": "LU1234567890ABCDEF1234567890", "timestamp": "1603642920", "comment": "IBAN test attribute", "to_ids": true } - STIX
{ "type": "x-misp-object-iban", "id": "x-misp-object-iban--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"iban\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "IBAN test attribute", "x_misp_value": "LU1234567890ABCDEF1234567890" }
- MISP
- port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "port", "category": "Network activity", "value": "8443", "timestamp": "1603642920", "to_ids": false } - STIX
{ "type": "x-misp-object-port", "id": "x-misp-object-port--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "8443" }
- MISP
- size-in-bytes
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920", "to_ids": false } - STIX
{ "type": "x-misp-object-size-in-bytes", "id": "x-misp-object-size-in-bytes--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_value": "1234" }
- MISP
- user-agent
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "user-agent", "category": "Network activity", "value": "Mozilla Firefox", "timestamp": "1603642920", "comment": "User-agent test attribute", "to_ids": false } - STIX
{ "type": "x-misp-object-user-agent", "id": "x-misp-object-user-agent--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:40:59.000Z", "modified": "2021-03-11T13:40:59.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "User-agent test attribute", "x_misp_value": "Mozilla Firefox" }
- MISP
The other detailed mappings
For more detailed mappings, click on one of the link below: