MISP Attributes to STIX 2.1 mapping
MISP Attributes are the actual raw data used by analysts to describe the IoCs and observed data related to a specific event (which could be an actual threat report, an IP watchlist, etc.).
Thus, in most cases, a MISP Attribute is exported to STIX as an Indicator if its to_ids flag is set, or as an Observable if its to_ids flag is false. There are also some cases where MISP attributes are exported neither as an Indicator nor as an Observable. This documentation gives the details of how each single attribute is mapped into STIX objects, depending on the type of the attribute.
As we can see in the detailed Events mapping documentation, attributes within their event are exported in different STIX 2.1 objects embedded in a STIX Bundle. Those objects’ references are also embedded within the Report or Grouping object_refs field.
For the rest of this documentation, to keep the content clear and to skip the irrelevant parts, we consider the following:
- Attributes are exported as Indicator or Observed Data objects in most cases
- In the following examples, attributes are shown without their to_ids flag
  - An Indicator means the attribute is exported with the to_ids flag set to True
  - An Observed Data means the attribute is exported with the to_ids flag unset (False)
  - If neither an Indicator nor an Observed Data object is documented for a given attribute, the to_ids flag does not matter
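The conventions above, together with the labels and identifiers visible in the mapping examples, are enough to go the other way on the consuming side and recover the MISP attribute metadata from exported objects. The following is an added example, not code from the MISP project: `recover_attribute` and its helpers are hypothetical names, the sample objects are trimmed copies of this page's AS, domain and campaign-name examples, and the assumption that every object of one attribute reuses the attribute UUID is taken from those examples only.

```python
import re
from datetime import datetime, timezone

# Labels written by the export look like: misp:type="AS"
LABEL_RE = re.compile(r'^misp:(type|category)="(.*)"$')


def parse_misp_labels(labels):
    """Turn ['misp:type="AS"', ...] into {'type': 'AS', ...}."""
    parsed = {}
    for label in labels:
        match = LABEL_RE.match(label)
        if match:
            parsed[match.group(1)] = match.group(2)
    return parsed


def to_epoch(stix_timestamp):
    """STIX timestamp (with or without milliseconds) -> MISP epoch string."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in stix_timestamp else "%Y-%m-%dT%H:%M:%SZ"
    moment = datetime.strptime(stix_timestamp, fmt).replace(tzinfo=timezone.utc)
    return str(int(moment.timestamp()))


def recover_attribute(stix_objects):
    """Rebuild MISP attribute metadata from the STIX objects of one attribute."""
    by_type = {}
    for obj in stix_objects:
        by_type.setdefault(obj["type"], []).append(obj)

    # Indicator => to_ids set, Observed Data => to_ids unset,
    # anything else (e.g. campaign) => the flag does not matter (None).
    if "indicator" in by_type:
        carrier, to_ids = by_type["indicator"][0], True
    elif "observed-data" in by_type:
        carrier, to_ids = by_type["observed-data"][0], False
    else:
        labelled = [obj for obj in stix_objects if "labels" in obj]
        if not labelled:
            raise ValueError("no object carries misp:type / misp:category labels")
        carrier, to_ids = labelled[0], None

    labels = parse_misp_labels(carrier.get("labels", []))
    if set(labels) != {"type", "category"}:
        raise ValueError("misp:type or misp:category label missing")

    uuid = carrier["id"].split("--", 1)[1]
    known_ids = {obj["id"] for obj in stix_objects}
    # References from Observed Data that point at objects not delivered with it.
    dangling = [ref for obs in by_type.get("observed-data", [])
                for ref in obs.get("object_refs", []) if ref not in known_ids]
    # Objects (relationships aside) that do not reuse the attribute UUID.
    foreign = [obj["id"] for obj in stix_objects
               if obj["type"] != "relationship" and not obj["id"].endswith("--" + uuid)]
    return {
        "uuid": uuid,
        "type": labels["type"],
        "category": labels["category"],
        "timestamp": to_epoch(carrier["modified"]),
        "to_ids": to_ids,
        "comment": carrier.get("description"),
        "dangling_refs": dangling,
        "foreign_ids": foreign,
    }


# Constructed samples: trimmed copies of the objects documented on this page.
ATTR_UUID = "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f"
AS_OBSERVED = [
    {"type": "observed-data", "id": "observed-data--" + ATTR_UUID,
     "modified": "2020-10-25T16:22:00.000Z",
     "object_refs": ["autonomous-system--" + ATTR_UUID],
     "labels": ['misp:type="AS"', 'misp:category="Network activity"']},
    {"type": "autonomous-system", "id": "autonomous-system--" + ATTR_UUID,
     "number": 174},
]
DOMAIN_INDICATOR = [
    {"type": "indicator", "id": "indicator--" + ATTR_UUID,
     "modified": "2020-10-25T16:22:00.000Z",
     "description": "Domain test attribute",
     "pattern": "[domain-name:value = 'circl.lu']",
     "labels": ['misp:type="domain"', 'misp:category="Network activity"']},
]
CAMPAIGN = [
    {"type": "campaign", "id": "campaign--" + ATTR_UUID,
     "modified": "2020-10-25T16:22:00.000Z", "name": "MartyMcFly",
     "labels": ['misp:type="campaign-name"', 'misp:category="Attribution"']},
]

if __name__ == "__main__":
    for sample in (AS_OBSERVED, DOMAIN_INDICATOR, CAMPAIGN):
        print(recover_attribute(sample))
```

A non-empty `dangling_refs` or `foreign_ids` list is worth logging before ingestion, since it means the objects received do not form the self-contained set the examples on this page show.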
Current mapping
- AS
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "AS", "value": "174", "category": "Network activity", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "autonomous-system--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"" ] }, { "type": "autonomous-system", "spec_version": "2.1", "id": "autonomous-system--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "number": 174 }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[autonomous-system:number = '174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- attachment
  - MISP
{ "data": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK", "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "attachment", "value": "attachment.test", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "attachment.test", "content_ref": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "payload_bin": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'attachment.test' AND file:content_ref.payload_bin = 'ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- authentihash
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "authentihash", "value": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "category": "Payload delivery", "timestamp": "1603642920", "comment": "AUTHENTIHASH test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "AUTHENTIHASH test attribute", "pattern": "[file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- campaign-name
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "campaign-name", "value": "MartyMcFly", "category": "Attribution", "timestamp": "1603642920" }
  - STIX
{ "type": "campaign", "spec_version": "2.1", "id": "campaign--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "MartyMcFly", "labels": [ "misp:type=\"campaign-name\"", "misp:category=\"Attribution\"" ] }
- domain
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain", "value": "circl.lu", "category": "Network activity", "timestamp": "1603642920", "comment": "Domain test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain test attribute", "pattern": "[domain-name:value = 'circl.lu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- domain|ip
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain|ip", "value": "circl.lu|149.13.33.14", "category": "Network activity", "timestamp": "1603642920", "comment": "Domain|ip test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu", "resolves_to_refs": [ "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "149.13.33.14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain|ip test attribute", "pattern": "[domain-name:value = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email", "value": "address@email.test", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "address@email.test" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-addr:value = 'address@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email-attachment
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-attachment", "value": "email_attachment.test", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Email attachment test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": true, "body_multipart": [ { "body_raw_ref": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "content_disposition": "attachment; filename='email_attachment.test'" } ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "email_attachment.test" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Email attachment test attribute", "pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'email_attachment.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": 
"observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email-body
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-body", "value": "Email body test", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "body": "Email body test" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:body = 'Email body test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email-dst
  - MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "email-dst", "value": "dst@email.test", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Destination email address test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--518b4bcb-a86b-4783-9457-391d548b605b", "email-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--518b4bcb-a86b-4783-9457-391d548b605b", "is_multipart": false, "to_refs": [ "email-addr--518b4bcb-a86b-4783-9457-391d548b605b" ] }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "dst@email.test" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination email address test attribute", "pattern": "[email-message:to_refs[*].value = 'dst@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- email-header
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-header", "value": "from mail.example.com ([198.51.100.3]) by smtp.gmail.com", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "received_lines": [ "from mail.example.com ([198.51.100.3]) by smtp.gmail.com" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:received_lines = 'from mail.example.com ([198.51.100.3]) by smtp.gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email-message-id
  - MISP
{ "uuid": "f3745b11-2b82-4798-80ba-d32c506135ec", "type": "email-message-id", "value": "1234", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f3745b11-2b82-4798-80ba-d32c506135ec", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--f3745b11-2b82-4798-80ba-d32c506135ec" ], "labels": [ "misp:type=\"email-message-id\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--f3745b11-2b82-4798-80ba-d32c506135ec", "is_multipart": false, "message_id": "1234" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3745b11-2b82-4798-80ba-d32c506135ec", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:message_id = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-message-id\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3a763477-03b7-53c8-b6f8-0e794a79ba28", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f3745b11-2b82-4798-80ba-d32c506135ec", "target_ref": "observed-data--f3745b11-2b82-4798-80ba-d32c506135ec" } ]
- email-reply-to
  - MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "email-reply-to", "value": "reply-to@email.test", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "is_multipart": false, "additional_header_fields": { "Reply-To": "reply-to@email.test" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.reply_to = 'reply-to@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a304e5a4-5169-5b78-a50e-520ef8b41b03", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "target_ref": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" } ]
- email-src
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-src", "value": "src@email.test", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Source email address test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "from_ref": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "src@email.test" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source email address test attribute", "pattern": "[email-message:from_ref.value = 'src@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- email-subject
  - MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "email-subject", "value": "Test Subject", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "is_multipart": false, "subject": "Test Subject" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:subject = 'Test Subject']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b7f6cad-8dfe-5002-9126-18734b4e79ca", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "target_ref": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45" } ]
- email-x-mailer
  - MISP
{ "uuid": "f09d8496-e2ba-4250-878a-bec9b85c7e96", "type": "email-x-mailer", "value": "Email X-Mailer test", "category": "Payload delivery", "timestamp": "1603642920" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--f09d8496-e2ba-4250-878a-bec9b85c7e96" ], "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--f09d8496-e2ba-4250-878a-bec9b85c7e96", "is_multipart": false, "additional_header_fields": { "X-Mailer": "Email X-Mailer test" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.x_mailer = 'Email X-Mailer test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--4b5755d9-bae8-5b05-be20-4908f6a88ead", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f09d8496-e2ba-4250-878a-bec9b85c7e96", "target_ref": "observed-data--f09d8496-e2ba-4250-878a-bec9b85c7e96" } ]
- filename
  - MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename", "value": "test_file_name", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename test attribute" }
  - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "test_file_name" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename test attribute", "pattern": "[file:name = 'test_file_name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- filename|authentihash
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename|authentihash", "value": "filename8|b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|authentihash test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" }, "name": "filename8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|authentihash test attribute", "pattern": "[file:name = 'filename8' AND file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- filename|imphash
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "filename|imphash", "value": "filename9|68f013d7437aa653a8a98a05807afeb1", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|imphash test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" }, "name": "filename9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|imphash test attribute", "pattern": "[file:name = 'filename9' AND file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- filename|md5
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "filename|md5", "value": "filename1|b2a5abfeef9e36964281a31e17b57c97", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|md5 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" }, "name": "filename1" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|md5 test attribute", "pattern": "[file:name = 'filename1' AND file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b7f6cad-8dfe-5002-9126-18734b4e79ca", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "target_ref": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45" } ]
- filename|pehash
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|pehash", "category": "Payload delivery", "value": "filename10|ffb7a38174aab4744cc4a509e34800aee9be8e57", "timestamp": "1603642920", "comment": "Filename|pehash test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" }, "name": "filename10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|pehash test attribute", "pattern": "[file:name = 'filename10' AND file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a304e5a4-5169-5b78-a50e-520ef8b41b03", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "target_ref": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" } ]
- filename|sha1
- MISP
{ "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "type": "filename|sha1", "value": "filename2|2920d5e6c579fce772e5506caf03af65579088bd", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha1 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" ], "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" }, "name": "filename2" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha1 test attribute", "pattern": "[file:name = 'filename2' AND file:hashes.'SHA-1' = '2920d5e6c579fce772e5506caf03af65579088bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7753a88-71a0-5d09-84b9-51cd5ce9e156", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "target_ref": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" } ]
- filename|sha224
- MISP
{ "uuid": "90bd7dae-b78c-4025-9073-568950c780fb", "type": "filename|sha224", "value": "filename3|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--90bd7dae-b78c-4025-9073-568950c780fb" ], "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--90bd7dae-b78c-4025-9073-568950c780fb", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename3" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha224 test attribute", "pattern": "[file:name = 'filename3' AND file:hashes.'SHA-224' = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb9e9476-6942-5bf2-9dbe-402bec74aace", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "target_ref": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb" } ]
- filename|sha256
- MISP
{ "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf", "type": "filename|sha256", "value": "filename4|7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2007ec09-8137-4a71-a3ce-6ef967bebacf" ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2007ec09-8137-4a71-a3ce-6ef967bebacf", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" }, "name": "filename4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha256 test attribute", "pattern": "[file:name = 'filename4' AND file:hashes.'SHA-256' = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e6d76c68-6c71-5903-b1b4-7611fb73ab74", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "target_ref": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf" } ]
- filename|sha3-224
- MISP
{ "uuid": "f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "type": "filename|sha3-224", "value": "filename15|47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha3-224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9" ], "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "hashes": { "SHA3224": "47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc" }, "name": "filename15" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-224 test attribute", "pattern": "[file:name = 'filename15' AND file:hashes.'SHA3-224' = '47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--66a532bd-5151-50b3-891b-961d510c79f9", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "target_ref": "observed-data--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9" } ]
- filename|sha3-256
- MISP
{ "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "type": "filename|sha3-256", "value": "filename16|39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha3-256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" ], "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" }, "name": "filename16" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-256 test attribute", "pattern": "[file:name = 'filename16' AND file:hashes.'SHA3-256' = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--685e41c3-23e3-5495-a7ba-d3f580cec62d", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "target_ref": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" } ]
- filename|sha3-384
- MISP
{ "uuid": "0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "type": "filename|sha3-384", "value": "filename17|93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha3-384 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--0d40e61c-fafa-4b8c-b5d0-60d768f649a1" ], "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "hashes": { "SHA3384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" }, "name": "filename17" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-384 test attribute", "pattern": "[file:name = 'filename17' AND file:hashes.'SHA3-384' = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6fd071b8-79dc-5c14-b62b-e59788ef4b57", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "target_ref": "observed-data--0d40e61c-fafa-4b8c-b5d0-60d768f649a1" } ]
- filename|sha3-512
- MISP
{ "uuid": "7e5ec865-a97c-41ba-99ba-a21c006da460", "type": "filename|sha3-512", "value": "filename18|fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha3-512 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7e5ec865-a97c-41ba-99ba-a21c006da460", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7e5ec865-a97c-41ba-99ba-a21c006da460" ], "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7e5ec865-a97c-41ba-99ba-a21c006da460", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" }, "name": "filename18" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e5ec865-a97c-41ba-99ba-a21c006da460", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-512 test attribute", "pattern": "[file:name = 'filename18' AND file:hashes.'SHA3-512' = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ea01092-e57f-5d81-855e-9460aa8b2771", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7e5ec865-a97c-41ba-99ba-a21c006da460", "target_ref": "observed-data--7e5ec865-a97c-41ba-99ba-a21c006da460" } ]
- filename|sha384
- MISP
{ "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f", "type": "filename|sha384", "value": "filename5|ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha384 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--c8760340-85a9-4e40-bfde-522d66ef1e9f" ], "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--c8760340-85a9-4e40-bfde-522d66ef1e9f", "hashes": { "SHA384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" }, "name": "filename5" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha384 test attribute", "pattern": "[file:name = 'filename5' AND file:hashes.'SHA-384' = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2c7ae14-1442-5b06-8983-2b36fa641930", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "target_ref": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f" } ]
- filename|sha512
- MISP
{ "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e", "type": "filename|sha512", "value": "filename6|28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha512 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e" ], "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" }, "name": "filename6" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512 test attribute", "pattern": "[file:name = 'filename6' AND file:hashes.'SHA-512' = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cded3aba-253d-529d-9e70-1d638f3d43bd", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "target_ref": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e" } ]
- filename|sha512/224
- MISP
{ "uuid": "bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "type": "filename|sha512/224", "value": "filename11|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha512/224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5" ], "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename11" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/224 test attribute", "pattern": "[file:name = 'filename11' AND file:hashes.'SHA-224' = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--395842d5-b89b-55e8-b368-ad238a4ec1ae", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "target_ref": "observed-data--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5" } ]
- filename|sha512/256
- MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "filename|sha512/256", "value": "filename12|82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|sha512/256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a" ], "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" }, "name": "filename12" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/256 test attribute", "pattern": "[file:name = 'filename12' AND file:hashes.'SHA-256' = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9566c5c9-73b8-5040-84f2-1a02eef91dbc", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "target_ref": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a" } ]
- filename|ssdeep
- MISP
{ "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff", "type": "filename|ssdeep", "value": "filename7|96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|ssdeep test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--9060e814-a36f-45ab-84e5-66fc82dc7cff" ], "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--9060e814-a36f-45ab-84e5-66fc82dc7cff", "hashes": { "SSDEEP": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" }, "name": "filename7" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|ssdeep test attribute", "pattern": "[file:name = 'filename7' AND file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f0ed729-61bf-515d-bbae-4670857bd3f1", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "target_ref": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff" } ]
- MISP
- filename|tlsh
- MISP
{ "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b", "type": "filename|tlsh", "value": "filename13|c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|tlsh test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7467406e-88d3-4856-afc9-412459bc3c8b" ], "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7467406e-88d3-4856-afc9-412459bc3c8b", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" }, "name": "filename13" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|tlsh test attribute", "pattern": "[file:name = 'filename13' AND file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cbb6e43-cf8c-5aef-ae7d-76461f6805ab", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "target_ref": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b" } ]
- MISP
- filename|vhash
- MISP
{ "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "type": "filename|vhash", "value": "filename14|115056655d15151138z66hz1021z55z66z3", "category": "Payload delivery", "timestamp": "1603642920", "comment": "Filename|vhash test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" ], "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" }, "name": "filename14" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|vhash test attribute", "pattern": "[file:name = 'filename14' AND file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e5ecd49-0bdd-59ae-8bc4-d7674afeac7b", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "target_ref": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" } ]
- MISP
- github-username
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "github-username", "value": "chrisr3d", "category": "Social network", "timestamp": "1603642920", "comment": "Github username test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "user-account--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"" ] }, { "type": "user-account", "spec_version": "2.1", "id": "user-account--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "account_login": "chrisr3d", "account_type": "github" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Github username test attribute", "pattern": "[user-account:account_type = 'github' AND user-account:account_login = 'chrisr3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Social network" } ], "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- hostname
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname", "value": "circl.lu", "category": "Network activity", "timestamp": "1603642920", "comment": "Hostname test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname test attribute", "pattern": "[domain-name:value = 'circl.lu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- hostname|port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname|port", "value": "circl.lu|8443", "category": "Network activity", "timestamp": "1603642920", "comment": "Hostname|port test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "dst_ref": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "dst_port": 8443, "protocols": [ "tcp" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname|port test attribute", "pattern": "[domain-name:value = 'circl.lu' AND network-traffic:dst_port = '8443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- http-method
- MISP
{ "uuid": "d94bdd2c-3603-4044-8b70-20090e7526ad", "type": "http-method", "value": "POST", "category": "Network activity", "timestamp": "1603642920" } - STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--d94bdd2c-3603-4044-8b70-20090e7526ad", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_method = 'POST']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"" ] }
- MISP
- imphash
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "imphash", "value": "68f013d7437aa653a8a98a05807afeb1", "category": "Payload delivery", "timestamp": "1603642920", "comment": "IMPHASH test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "IMPHASH test attribute", "pattern": "[file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- MISP
- ip-dst
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst", "value": "5.6.7.8", "category": "Network activity", "timestamp": "1603642920", "comment": "Destination IP test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "dst_ref": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "5.6.7.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- MISP
- ip-dst|port
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst|port", "value": "5.6.7.8|5678", "category": "Network activity", "timestamp": "1603642920", "comment": "Destination IP | Port test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "dst_ref": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "dst_port": 5678, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "5.6.7.8" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP | Port test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8' AND network-traffic:dst_port = '5678']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- MISP
- ip-src
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src", "value": "1.2.3.4", "category": "Network activity", "timestamp": "1603642920", "comment": "Source IP test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_ref": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "1.2.3.4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- ip-src|port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src|port", "value": "1.2.3.4|1234", "category": "Network activity", "timestamp": "1603642920", "comment": "Source IP | Port test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_ref": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_port": 1234, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "1.2.3.4" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP | Port test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4' AND network-traffic:src_port = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- link
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "link", "value": "https://misp-project.org/download/", "category": "External analysis", "timestamp": "1603642920", "comment": "Link test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "https://misp-project.org/download/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Link test attribute", "pattern": "[url:value = 'https://misp-project.org/download/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- mac-address
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mac-address", "value": "12:34:56:78:90:ab", "category": "Payload delivery", "timestamp": "1603642920" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "mac-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"" ] }, { "type": "mac-addr", "spec_version": "2.1", "id": "mac-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "12:34:56:78:90:ab" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[mac-addr:value = '12:34:56:78:90:ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- malware-sample
- MISP
{ "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "malware-sample", "value": "oui|8764605c6f388c89096b534d33565802", "category": "Payload delivery", "malware_filename": "oui", "timestamp": "1603642920", "comment": "Malware Sample test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "name": "oui", "content_ref": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "encryption_algorithm": "mime-type-indicated", "decryption_key": "infected" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Malware Sample test attribute", "pattern": "[file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:name = 'oui' AND file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"" ] }, { 
"type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- MISP
- md5
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "md5", "value": "b2a5abfeef9e36964281a31e17b57c97", "category": "Payload delivery", "timestamp": "1603642920", "comment": "MD5 test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "MD5 test attribute", "pattern": "[file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b7f6cad-8dfe-5002-9126-18734b4e79ca", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "target_ref": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45" } ]
- MISP
- mutex
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mutex", "value": "MutexTest", "category": "Artifacts dropped", "timestamp": "1603642920", "comment": "Mutex test attribute" } - STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "mutex--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "MutexTest" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Mutex test attribute", "pattern": "[mutex:name = 'MutexTest']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- pehash
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "pehash", "value": "ffb7a38174aab4744cc4a509e34800aee9be8e57", "category": "Payload delivery", "timestamp": "1603642920", "comment": "PEHASH test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "PEHASH test attribute", "pattern": "[file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a304e5a4-5169-5b78-a50e-520ef8b41b03", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "target_ref": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" } ]
- port
- MISP
{ "uuid": "1af096a0-efa1-4331-9300-a6b5eb4df2e6", "type": "port", "value": "8443", "category": "Network activity", "timestamp": "1603642920" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--1af096a0-efa1-4331-9300-a6b5eb4df2e6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:dst_port = '8443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"" ] }
- regkey
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey", "value": "HKLM\\Software\\mthjk", "category": "Persistence mechanism", "timestamp": "1603642920", "comment": "Regkey test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "key": "HKLM\\Software\\mthjk" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- regkey|value
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey|value", "value": "HKLM\\Software\\mthjk|%DATA%\\1234567890", "category": "Persistence mechanism", "timestamp": "1603642920", "comment": "Regkey | value test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "key": "HKLM\\Software\\mthjk", "values": [ { "data": "%DATA%\\1234567890" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey | value test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk' AND windows-registry-key:values.data = '\\\\%DATA\\\\%\\\\1234567890']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- sha1
- MISP
{ "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "type": "sha1", "value": "2920d5e6c579fce772e5506caf03af65579088bd", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA1 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA1 test attribute", "pattern": "[file:hashes.'SHA-1' = '2920d5e6c579fce772e5506caf03af65579088bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f7753a88-71a0-5d09-84b9-51cd5ce9e156", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "target_ref": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" } ]
- sha224
- MISP
{ "uuid": "90bd7dae-b78c-4025-9073-568950c780fb", "type": "sha224", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--90bd7dae-b78c-4025-9073-568950c780fb" ], "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--90bd7dae-b78c-4025-9073-568950c780fb", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA224 test attribute", "pattern": "[file:hashes.'SHA-224' = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--eb9e9476-6942-5bf2-9dbe-402bec74aace", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "target_ref": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb" } ]
- sha256
- MISP
{ "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf", "type": "sha256", "value": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2007ec09-8137-4a71-a3ce-6ef967bebacf" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2007ec09-8137-4a71-a3ce-6ef967bebacf", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA256 test attribute", "pattern": "[file:hashes.'SHA-256' = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e6d76c68-6c71-5903-b1b4-7611fb73ab74", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "target_ref": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf" } ]
- sha3-224
- MISP
{ "uuid": "f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "type": "sha3-224", "value": "47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9" ], "labels": [ "misp:type=\"sha3-224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "hashes": { "SHA3224": "47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-224 test attribute", "pattern": "[file:hashes.'SHA3-224' = '47d20efbf11c63c0b683560e61f7eb2eb314b68d9e714f8feeba0cfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--66a532bd-5151-50b3-891b-961d510c79f9", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9", "target_ref": "observed-data--f750c3d9-b7c6-4054-9bb4-f9b0b74688c9" } ]
- sha3-256
- MISP
{ "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "type": "sha3-256", "value": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" ], "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-256 test attribute", "pattern": "[file:hashes.'SHA3-256' = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--685e41c3-23e3-5495-a7ba-d3f580cec62d", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "target_ref": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" } ]
- sha3-384
- MISP
{ "uuid": "0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "type": "sha3-384", "value": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-384 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--0d40e61c-fafa-4b8c-b5d0-60d768f649a1" ], "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "hashes": { "SHA3384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-384 test attribute", "pattern": "[file:hashes.'SHA3-384' = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--6fd071b8-79dc-5c14-b62b-e59788ef4b57", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--0d40e61c-fafa-4b8c-b5d0-60d768f649a1", "target_ref": "observed-data--0d40e61c-fafa-4b8c-b5d0-60d768f649a1" } ]
- sha3-512
- MISP
{ "uuid": "7e5ec865-a97c-41ba-99ba-a21c006da460", "type": "sha3-512", "value": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-512 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7e5ec865-a97c-41ba-99ba-a21c006da460", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7e5ec865-a97c-41ba-99ba-a21c006da460" ], "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7e5ec865-a97c-41ba-99ba-a21c006da460", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7e5ec865-a97c-41ba-99ba-a21c006da460", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-512 test attribute", "pattern": "[file:hashes.'SHA3-512' = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0ea01092-e57f-5d81-855e-9460aa8b2771", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7e5ec865-a97c-41ba-99ba-a21c006da460", "target_ref": "observed-data--7e5ec865-a97c-41ba-99ba-a21c006da460" } ]
- sha384
- MISP
{ "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f", "type": "sha384", "value": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA384 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--c8760340-85a9-4e40-bfde-522d66ef1e9f" ], "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--c8760340-85a9-4e40-bfde-522d66ef1e9f", "hashes": { "SHA384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA384 test attribute", "pattern": "[file:hashes.'SHA-384' = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e2c7ae14-1442-5b06-8983-2b36fa641930", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "target_ref": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f" } ]
- sha512
- MISP
{ "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e", "type": "sha512", "value": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e" ], "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512 test attribute", "pattern": "[file:hashes.'SHA-512' = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--cded3aba-253d-529d-9e70-1d638f3d43bd", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "target_ref": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e" } ]
- sha512/224
- MISP
{ "uuid": "bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "type": "sha512/224", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/224 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5" ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/224 test attribute", "pattern": "[file:hashes.'SHA-224' = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--395842d5-b89b-55e8-b368-ad238a4ec1ae", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5", "target_ref": "observed-data--bb8c9a01-55ba-4fac-9f2f-cdc31ed774a5" } ]
- sha512/256
- MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "sha512/256", "value": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/256 test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a" ], "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/256 test attribute", "pattern": "[file:hashes.'SHA-256' = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9566c5c9-73b8-5040-84f2-1a02eef91dbc", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "target_ref": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a" } ]
- sigma
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "sigma", "value": "title: Ps.exe Renamed SysInternals Tool description: Detects renamed SysInternals tool execution with a binary named ps.exe as used by Dragonfly APT group and documentied in TA17-293A report reference: https://www.us-cert.gov/ncas/alerts/TA17-293A author: Florian Roth date: 2017/10/22 logsource: product: windows service: sysmon detection: selection: EventID: 1 CommandLine: 'ps.exe -accepteula' condition: selection falsepositives: - Renamed SysInternals tool level: high", "category": "Artifacts dropped", "timestamp": "1603642920", "comment": "Sigma test attribute" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Sigma test attribute", "pattern": "[title: Ps.exe Renamed SysInternals Tool description: Detects renamed SysInternals tool execution with a binary named ps.exe as used by Dragonfly APT group and documentied in TA17-293A report reference: https://www.us-cert.gov/ncas/alerts/TA17-293A author: Florian Roth date: 2017/10/22 logsource: product: windows service: sysmon detection: selection: EventID: 1 CommandLine: 'ps.exe -accepteula' condition: selection falsepositives: - Renamed SysInternals tool level: high]", "pattern_type": "sigma", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sigma\"", "misp:category=\"Artifacts dropped\"" ] }
- size-in-bytes
- MISP
{ "uuid": "8be8065b-ca71-4210-976e-2804665a502d", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--8be8065b-ca71-4210-976e-2804665a502d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:size = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Other" } ], "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"" ] }
- snort
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "snort", "value": "alert http any 443 -> 8.8.8.8 any", "category": "Network activity", "timestamp": "1603642920", "comment": "Snort test attribute" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Snort test attribute", "pattern": "[alert http any 443 -> 8.8.8.8 any]", "pattern_type": "snort", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"" ] }
- ssdeep
- MISP
{ "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff", "type": "ssdeep", "value": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SSDEEP test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--9060e814-a36f-45ab-84e5-66fc82dc7cff" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--9060e814-a36f-45ab-84e5-66fc82dc7cff", "hashes": { "SSDEEP": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SSDEEP test attribute", "pattern": "[file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0f0ed729-61bf-515d-bbae-4670857bd3f1", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "target_ref": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff" } ]
- suricata
- MISP
{ "uuid": "6b6ad9e2-7e0d-4d8a-9f2a-94a3e6d2f7a1", "type": "suricata", "value": "alert dns any any -> any any (msg:\"DNS Query for malicious domain\"; dns_query; content:\"evil.example.com\"; sid:1000001; rev:1;)", "category": "Network activity", "timestamp": "1603642920", "comment": "Suricata test attribute" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--6b6ad9e2-7e0d-4d8a-9f2a-94a3e6d2f7a1", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Suricata test attribute", "pattern": "[alert dns any any -> any any (msg:\"DNS Query for malicious domain\"; dns_query; content:\"evil.example.com\"; sid:1000001; rev:1;)]", "pattern_type": "suricata", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"suricata\"", "misp:category=\"Network activity\"" ] }
- telfhash
- MISP
{ "uuid": "4846cade-2492-4e7d-856e-2afcd282455b", "type": "telfhash", "value": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b", "category": "Payload delivery", "timestamp": "1603642920", "comment": "TELFHASH test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--4846cade-2492-4e7d-856e-2afcd282455b" ], "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--4846cade-2492-4e7d-856e-2afcd282455b", "hashes": { "TELFHASH": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TELFHASH test attribute", "pattern": "[file:hashes.TELFHASH = 'b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--12a3d2ab-3fc8-58e9-94f3-0d25ffd0ed0c", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--4846cade-2492-4e7d-856e-2afcd282455b", "target_ref": "observed-data--4846cade-2492-4e7d-856e-2afcd282455b" } ]
- tlsh
- MISP
{ "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b", "type": "tlsh", "value": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "category": "Payload delivery", "timestamp": "1603642920", "comment": "TLSH test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7467406e-88d3-4856-afc9-412459bc3c8b" ], "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7467406e-88d3-4856-afc9-412459bc3c8b", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TLSH test attribute", "pattern": "[file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--3cbb6e43-cf8c-5aef-ae7d-76461f6805ab", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "target_ref": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b" } ]
- uri
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "uri", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova", "category": "Network activity", "timestamp": "1603642920", "comment": "URI test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--518b4bcb-a86b-4783-9457-391d548b605b", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URI test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- url
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "url", "value": "https://vm.misp-project.org/latest/", "category": "Network activity", "timestamp": "1603642920", "comment": "URL test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "value": "https://vm.misp-project.org/latest/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URL test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b7f6cad-8dfe-5002-9126-18734b4e79ca", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "target_ref": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45" } ]
- user-agent
- MISP
{ "uuid": "f0b5b638-81b4-4509-bd40-1e114955caf4", "type": "user-agent", "value": "Mozilla Firefox", "category": "Network activity", "timestamp": "1603642920", "comment": "User-agent test attribute" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f0b5b638-81b4-4509-bd40-1e114955caf4", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "User-agent test attribute", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla Firefox']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ] }
- vhash
- MISP
{ "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "type": "vhash", "value": "115056655d15151138z66hz1021z55z66z3", "category": "Payload delivery", "timestamp": "1603642920", "comment": "VHASH test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" ], "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "VHASH test attribute", "pattern": "[file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--2e5ecd49-0bdd-59ae-8bc4-d7674afeac7b", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "target_ref": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" } ]
- vulnerability
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "vulnerability", "value": "CVE-2017-11774", "category": "External analysis", "timestamp": "1603642920", "comment": "Vulnerability test attribute" }
- STIX
{ "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "CVE-2017-11774", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-11774" } ] }
- x509-fingerprint-md5
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "x509-fingerprint-md5", "value": "8764605c6f388c89096b534d33565802", "category": "Payload delivery", "timestamp": "1603642920", "comment": "X509 MD5 fingerprint test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 MD5 fingerprint test attribute", "pattern": "[x509-certificate:hashes.MD5 = '8764605c6f388c89096b534d33565802']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--860e90aa-53db-5b32-b295-3c3926c82f10", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "target_ref": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" } ]
- x509-fingerprint-sha1
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "x509-fingerprint-sha1", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "category": "Payload delivery", "timestamp": "1603642920", "comment": "X509 SHA1 fingerprint test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA1 fingerprint test attribute", "pattern": "[x509-certificate:hashes.'SHA-1' = '46aba99aa7158e4609aaa72b50990842fd22ae86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d0779bac-8ac6-5b28-ad47-c23c748879fe", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "target_ref": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b" } ]
- x509-fingerprint-sha256
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "x509-fingerprint-sha256", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "category": "Payload delivery", "timestamp": "1603642920", "comment": "X509 SHA256 fingerprint test attribute" }
- STIX
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA256 fingerprint test attribute", "pattern": "[x509-certificate:hashes.'SHA-256' = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--9b7f6cad-8dfe-5002-9126-18734b4e79ca", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "target_ref": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45" } ]
- yara
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "yara", "value": "rule torcryptomining { meta: description = \"Tor miner - broken UPX magic string\" strings: $upx_erase = {(00 FF 99 41|DF DD 30 33)} condition: $upx_erase at 236 }", "category": "Payload installation", "timestamp": "1603642920", "comment": "Yara test attribute" }
- STIX
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Yara test attribute", "pattern": "[rule torcryptomining { meta: description = \"Tor miner - broken UPX magic string\" strings: $upx_erase = {(00 FF 99 41|DF DD 30 33)} condition: $upx_erase at 236 }]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Payload installation\"" ] }
Unmapped attribute types
You may have noticed that we are far from supporting every attribute type. This is due to the wide variety of use cases MISP serves.
Nonetheless, every attribute whose type is not in the list is exported as a Custom object.
In the following examples, btc and iban are attribute types that are not mapped, whereas the other ones:
- are already mentioned above and give valid STIX 2.1 pattern expressions when their to_ids flag is set to True.
- do not provide enough information to produce Observable objects and are therefore exported as Custom objects when their to_ids flag is unset.
Let us see those examples of custom objects exported from attributes:
- btc
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "btc", "category": "Financial fraud", "value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE", "timestamp": "1603642920", "comment": "Btc test attribute", "to_ids": true }
- STIX
{ "type": "x-misp-object-btc", "spec_version": "2.1", "id": "x-misp-object-btc--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"btc\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "Btc test attribute", "x_misp_value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE" }
- http-method
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "http-method", "category": "Network activity", "value": "POST", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-http-method", "spec_version": "2.1", "id": "x-misp-object-http-method--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "POST" }
- iban
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "iban", "category": "Financial fraud", "value": "LU1234567890ABCDEF1234567890", "timestamp": "1603642920", "comment": "IBAN test attribute", "to_ids": true }
- STIX
{ "type": "x-misp-object-iban", "spec_version": "2.1", "id": "x-misp-object-iban--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"iban\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "IBAN test attribute", "x_misp_value": "LU1234567890ABCDEF1234567890" }
- port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "port", "category": "Network activity", "value": "8443", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-port", "spec_version": "2.1", "id": "x-misp-object-port--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "8443" }
- size-in-bytes
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-size-in-bytes", "spec_version": "2.1", "id": "x-misp-object-size-in-bytes--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_value": "1234" }
- user-agent
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "user-agent", "category": "Network activity", "value": "Mozilla Firefox", "timestamp": "1603642920", "comment": "User-agent test attribute", "to_ids": false }
- STIX
{ "type": "x-misp-object-user-agent", "spec_version": "2.1", "id": "x-misp-object-user-agent--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "User-agent test attribute", "x_misp_value": "Mozilla Firefox" }
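The export decision described on this page (Indicator when to_ids is set, Observed Data when it is unset, Custom object for unmapped types or when no observable can be built), as an added Python example that is not the MISP project's converter code. The function names, the subset of attribute types covered, the escaping of quotes inside pattern literals, and deriving created/modified from the attribute timestamp are assumptions of this example.

```python
from datetime import datetime, timezone

# Identity reference reused from the examples on this page.
IDENTITY = "identity--a0c22599-9e58-4da4-96ac-7051603fa951"

# STIX pattern templates copied from the indicator examples on this page.
PATTERNS = {
    "size-in-bytes": "[file:size = '{v}']",
    "ssdeep": "[file:hashes.SSDEEP = '{v}']",
    "url": "[url:value = '{v}']",
    "user-agent": "[network-traffic:extensions.'http-request-ext'"
                  ".request_header.'User-Agent' = '{v}']",
    "x509-fingerprint-sha256": "[x509-certificate:hashes.'SHA-256' = '{v}']",
}

# Types for which the page also documents an observable object.
OBSERVABLES = {
    "ssdeep": ("file", lambda v: {"hashes": {"SSDEEP": v}}),
    "url": ("url", lambda v: {"value": v}),
    "x509-fingerprint-sha256": ("x509-certificate",
                                lambda v: {"hashes": {"SHA-256": v}}),
}


def quote_literal(value):
    """Escape backslash and single quote for a STIX pattern string literal.

    Assumption: added hardening so an attribute value cannot break out of
    the quoted literal; the page's examples contain no such characters.
    """
    return value.replace("\\", "\\\\").replace("'", "\\'")


def labels_for(attr, with_to_ids=False):
    """Build the misp:type / misp:category labels shown in the examples."""
    labels = [f'misp:type="{attr["type"]}"',
              f'misp:category="{attr["category"]}"']
    if with_to_ids and attr.get("to_ids"):
        labels.append('misp:to_ids="True"')
    return labels


def export_attribute(attr):
    """Return the STIX 2.1 objects for one MISP attribute (subset of types)."""
    a_type, value, uuid = attr["type"], attr["value"], attr["uuid"]
    when = datetime.fromtimestamp(int(attr["timestamp"]), tz=timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S")
    common = {"spec_version": "2.1", "created_by_ref": IDENTITY,
              "created": stamp + ".000Z", "modified": stamp + ".000Z"}
    to_ids = bool(attr.get("to_ids"))

    # to_ids set and a pattern is known: Indicator.
    if to_ids and a_type in PATTERNS:
        indicator = {
            "type": "indicator", "id": f"indicator--{uuid}", **common,
            "pattern": PATTERNS[a_type].format(v=quote_literal(value)),
            "pattern_type": "stix", "pattern_version": "2.1",
            "valid_from": stamp + "Z",
            "kill_chain_phases": [{"kill_chain_name": "misp-category",
                                   "phase_name": attr["category"]}],
            "labels": labels_for(attr),
        }
        if attr.get("comment"):
            indicator["description"] = attr["comment"]
        return [indicator]

    # to_ids unset and an observable can be built: Observed Data + object.
    if not to_ids and a_type in OBSERVABLES:
        sco_type, build = OBSERVABLES[a_type]
        sco = {"type": sco_type, "spec_version": "2.1",
               "id": f"{sco_type}--{uuid}", **build(value)}
        observed = {
            "type": "observed-data", "id": f"observed-data--{uuid}", **common,
            "first_observed": stamp + "Z", "last_observed": stamp + "Z",
            "number_observed": 1, "object_refs": [sco["id"]],
            "labels": labels_for(attr),
        }
        return [observed, sco]

    # Unmapped type (btc, iban) or no observable possible: Custom object.
    custom = {
        "type": f"x-misp-object-{a_type}",
        "id": f"x-misp-object-{a_type}--{uuid}", **common,
        "labels": labels_for(attr, with_to_ids=True),
        "x_misp_category": attr["category"],
    }
    if attr.get("comment"):
        custom["x_misp_comment"] = attr["comment"]
    custom["x_misp_value"] = value
    return [custom]
```

A consumer that only ingests indicator objects will not see btc or iban attributes even when their to_ids flag is set, because they arrive as Custom objects carrying the misp:to_ids="True" label.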
The other detailed mappings
For more detailed mappings, click on one of the links below: