MISP Attributes to STIX 2.1 mapping
MISP Attributes are the actual raw data used by analysts to describe the IoCs and observed data related to a specific event (which could be an actual threat report, an IP watchlist, etc.).
Thus, in most cases, a MISP Attribute is exported to STIX as an Indicator if its to_ids flag is set, or as an Observable if its to_ids flag is false. There are also cases where MISP attributes are exported neither as indicator nor as observable. This documentation gives all the details about the mapping of single attributes into STIX objects, depending on the type of the attributes.
As we can see in the detailed Events mapping documentation, attributes within their event are exported as different STIX 2.1 objects embedded in a STIX Bundle. References to those objects are also embedded in the object_refs field of the Report or Grouping.
For the rest of this documentation, to keep the content clear and skip the irrelevant parts, we will consider the following:
- Attributes are exported as Indicator or Observed Data objects in most cases
- In the following examples, attributes are shown without their to_ids flag
  - An Indicator means the attribute is exported with the to_ids flag set to True
  - An Observed Data means the attribute is exported with the to_ids flag unset (False)
  - If neither an Indicator nor an Observed Data object is documented for a given attribute, the to_ids flag does not matter
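The to_ids rule above, applied to four of the attribute types mapped below (AS, domain, domain|ip and filename|hash), as an added Python example that is not code from the MISP project. Function names are hypothetical, the field layout follows the JSON examples on this page, and the quoting helper follows the STIX patterning rule that string literals backslash-escape single quotes and backslashes.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Identity id taken from the page's examples; every function name here is hypothetical.
IDENTITY = "identity--a0c22599-9e58-4da4-96ac-7051603fa951"
# Only the hash keys that appear in the examples on this page.
HASH_KEYS = {"md5": "MD5", "imphash": "IMPHASH",
             "authentihash": "AUTHENTIHASH", "pehash": "PEHASH"}


def quote(value):
    """STIX pattern string literal: backslash-escape backslashes and single quotes."""
    return "'" + str(value).replace("\\", "\\\\").replace("'", "\\'") + "'"


def sco(sco_type, uuid, **props):
    """Observable object whose id reuses the MISP attribute UUID, as on this page."""
    return {"type": sco_type, "spec_version": "2.1",
            "id": f"{sco_type}--{uuid}", **props}


def map_value(attr):
    """Return (pattern, observable objects) for the attribute types handled here."""
    atype, value, uuid = attr["type"], attr["value"], attr["uuid"]
    if atype == "AS":
        digits = value[2:] if value.upper().startswith("AS") else value
        number = int(digits)  # raises ValueError on a malformed AS value
        return (f"[autonomous-system:number = '{number}']",
                [sco("autonomous-system", uuid, number=number)])
    if atype == "domain":
        return (f"[domain-name:value = {quote(value)}]",
                [sco("domain-name", uuid, value=value)])
    if atype == "domain|ip":
        domain, ip = value.split("|", 1)
        # The page shows only IPv4; choosing ipv6-addr for IPv6 is an assumption.
        ip_type = f"ipv{ipaddress.ip_address(ip).version}-addr"
        pattern = (f"[domain-name:value = {quote(domain)} AND "
                   f"domain-name:resolves_to_refs[*].value = {quote(ip)}]")
        return pattern, [
            sco("domain-name", uuid, value=domain,
                resolves_to_refs=[f"{ip_type}--{uuid}"]),
            sco(ip_type, uuid, value=ip)]
    if atype.startswith("filename|") and atype.split("|")[1] in HASH_KEYS:
        key = HASH_KEYS[atype.split("|")[1]]
        name, digest = value.rsplit("|", 1)  # a hash never contains '|'
        pattern = (f"[file:name = {quote(name)} AND "
                   f"file:hashes.{key} = {quote(digest)}]")
        return pattern, [sco("file", uuid, hashes={key: digest}, name=name)]
    raise ValueError(f"attribute type not covered by this example: {atype}")


def export_attribute(attr, identity=IDENTITY):
    """Indicator if to_ids is set, otherwise Observed Data plus its observables."""
    when = datetime.fromtimestamp(int(attr["timestamp"]), tz=timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S")
    labels = [f'misp:type="{attr["type"]}"',
              f'misp:category="{attr["category"]}"']
    common = {"spec_version": "2.1", "created_by_ref": identity,
              "created": f"{stamp}.000Z", "modified": f"{stamp}.000Z"}
    pattern, observables = map_value(attr)
    if attr.get("to_ids"):
        indicator = {"type": "indicator", "id": f"indicator--{attr['uuid']}",
                     **common, "pattern": pattern, "pattern_type": "stix",
                     "pattern_version": "2.1", "valid_from": f"{stamp}Z",
                     "kill_chain_phases": [{"kill_chain_name": "misp-category",
                                            "phase_name": attr["category"]}],
                     "labels": labels + ['misp:to_ids="True"']}
        if attr.get("comment"):  # the comment only surfaces on the Indicator
            indicator["description"] = attr["comment"]
        return [indicator]
    observed = {"type": "observed-data",
                "id": f"observed-data--{attr['uuid']}", **common,
                "first_observed": f"{stamp}Z", "last_observed": f"{stamp}Z",
                "number_observed": 1,
                "object_refs": [obj["id"] for obj in observables],
                "labels": labels}
    return [observed] + observables


# Attribute values copied from this page; the to_ids flags are added for the demo.
SAMPLES = [
    {"uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "AS",
     "category": "Network activity", "timestamp": "1603642920",
     "value": "AS174", "to_ids": True},
    {"uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain|ip",
     "category": "Network activity", "timestamp": "1603642920",
     "value": "circl.lu|149.13.33.14", "comment": "Domain|ip test attribute",
     "to_ids": False},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(json.dumps(export_attribute(sample), indent=2))
```

A consumer that only ingests Indicator objects will not see attributes exported with to_ids unset, so check which object types your downstream tooling reads before relying on the export for detection.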
Current mapping
- AS
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "AS", "category": "Network activity", "timestamp": "1603642920", "value": "AS174" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[autonomous-system:number = '174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "autonomous-system--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"AS\"", "misp:category=\"Network activity\"" ] }, { "type": "autonomous-system", "spec_version": "2.1", "id": "autonomous-system--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "number": 174 } ]
- attachment
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "attachment", "category": "Payload delivery", "value": "attachment.test", "data": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'attachment.test' AND file:content_ref.payload_bin = 'ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "attachment.test", "content_ref": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "payload_bin": "ZWNobyAiREFOR0VST1VTIE1BTFdBUkUiIAoK" } ]
- authentihash
- MISP
{ "type": "authentihash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "AUTHENTIHASH test attribute", "value": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "AUTHENTIHASH test attribute", "pattern": "[file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" } } ]
- campaign-name
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "campaign-name", "category": "Attribution", "value": "MartyMcFly", "timestamp": "1603642920" }
- STIX
- Campaign
{ "type": "campaign", "spec_version": "2.1", "id": "campaign--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "MartyMcFly", "labels": [ "misp:type=\"campaign-name\"", "misp:category=\"Attribution\"" ] }
- domain
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain", "category": "Network activity", "value": "circl.lu", "timestamp": "1603642920", "comment": "Domain test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain test attribute", "pattern": "[domain-name:value = 'circl.lu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" } ]
- domain|ip
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "domain|ip", "category": "Network activity", "value": "circl.lu|149.13.33.14", "timestamp": "1603642920", "comment": "Domain|ip test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Domain|ip test attribute", "pattern": "[domain-name:value = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"domain|ip\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu", "resolves_to_refs": [ "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "149.13.33.14" } ]
- email
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email", "category": "Payload delivery", "value": "address@email.test", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-addr:value = 'address@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "address@email.test" } ]
- email-attachment
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-attachment", "category": "Payload delivery", "value": "email_attachment.test", "timestamp": "1603642920", "comment": "Email attachment test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Email attachment test attribute", "pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'email_attachment.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-attachment\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": true, "body_multipart": [ { "body_raw_ref": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "content_disposition": "attachment; filename='email_attachment.test'" } ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "email_attachment.test" } ]
- email-body
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-body", "category": "Payload delivery", "value": "Email body test", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:body = 'Email body test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-body\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "body": "Email body test" } ]
- email-dst
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "email-dst", "category": "Payload delivery", "value": "dst@email.test", "timestamp": "1603642920", "comment": "Destination email address test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination email address test attribute", "pattern": "[email-message:to_refs[*].value = 'dst@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--518b4bcb-a86b-4783-9457-391d548b605b", "email-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"email-dst\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--518b4bcb-a86b-4783-9457-391d548b605b", "is_multipart": false, "to_refs": [ "email-addr--518b4bcb-a86b-4783-9457-391d548b605b" ] }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "dst@email.test" } ]
- email-header
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-header", "category": "Payload delivery", "value": "from mail.example.com ([198.51.100.3]) by smtp.gmail.com", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:received_lines = 'from mail.example.com ([198.51.100.3]) by smtp.gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-header\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "received_lines": [ "from mail.example.com ([198.51.100.3]) by smtp.gmail.com" ] } ]
- email-message-id
- MISP
{ "uuid": "f3745b11-2b82-4798-80ba-d32c506135ec", "type": "email-message-id", "category": "Payload delivery", "value": "1234", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f3745b11-2b82-4798-80ba-d32c506135ec", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:message_id = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-message-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f3745b11-2b82-4798-80ba-d32c506135ec", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--f3745b11-2b82-4798-80ba-d32c506135ec" ], "labels": [ "misp:type=\"email-message-id\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--f3745b11-2b82-4798-80ba-d32c506135ec", "is_multipart": false, "message_id": "1234" } ]
- email-reply-to
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "email-reply-to", "category": "Payload delivery", "value": "reply-to@email.test", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.reply_to = 'reply-to@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"email-reply-to\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "is_multipart": false, "additional_header_fields": { "Reply-To": "reply-to@email.test" } } ]
- email-src
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "email-src", "category": "Payload delivery", "value": "src@email.test", "timestamp": "1603642920", "comment": "Source email address test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source email address test attribute", "pattern": "[email-message:from_ref.value = 'src@email.test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "is_multipart": false, "from_ref": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "src@email.test" } ]
- email-subject
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "email-subject", "category": "Payload delivery", "value": "Test Subject", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:subject = 'Test Subject']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"email-subject\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "is_multipart": false, "subject": "Test Subject" } ]
- email-x-mailer
- MISP
{ "uuid": "f09d8496-e2ba-4250-878a-bec9b85c7e96", "type": "email-x-mailer", "category": "Payload delivery", "value": "Email X-Mailer test", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:additional_header_fields.x_mailer = 'Email X-Mailer test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f09d8496-e2ba-4250-878a-bec9b85c7e96", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "email-message--f09d8496-e2ba-4250-878a-bec9b85c7e96" ], "labels": [ "misp:type=\"email-x-mailer\"", "misp:category=\"Payload delivery\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--f09d8496-e2ba-4250-878a-bec9b85c7e96", "is_multipart": false, "additional_header_fields": { "X-Mailer": "Email X-Mailer test" } } ]
- filename
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename", "category": "Payload delivery", "value": "test_file_name", "timestamp": "1603642920", "comment": "Filename test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename test attribute", "pattern": "[file:name = 'test_file_name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "test_file_name" } ]
- filename|authentihash
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "filename|authentihash", "category": "Payload delivery", "value": "filename8|b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc", "timestamp": "1603642920", "comment": "Filename|authentihash test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|authentihash test attribute", "pattern": "[file:name = 'filename8' AND file:hashes.AUTHENTIHASH = 'b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"filename|authentihash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "AUTHENTIHASH": "b3b8b4ac8ac98e610c49b4c5306b95ea2836348492b5c488f584a223541283cc" }, "name": "filename8" } ]
- filename|imphash
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "filename|imphash", "category": "Payload delivery", "value": "filename9|68f013d7437aa653a8a98a05807afeb1", "timestamp": "1603642920", "comment": "Filename|imphash test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|imphash test attribute", "pattern": "[file:name = 'filename9' AND file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"filename|imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" }, "name": "filename9" } ]
- filename|md5
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "filename|md5", "category": "Payload delivery", "value": "filename1|b2a5abfeef9e36964281a31e17b57c97", "timestamp": "1603642920", "comment": "Filename|md5 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|md5 test attribute", "pattern": "[file:name = 'filename1' AND file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"filename|md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" }, "name": "filename1" } ]
- filename|pehash
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|pehash", "category": "Payload delivery", "value": "filename10|ffb7a38174aab4744cc4a509e34800aee9be8e57", "timestamp": "1603642920", "comment": "Filename|pehash test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|pehash test attribute", "pattern": "[file:name = 'filename10' AND file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"filename|pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" }, "name": "filename10" } ]
- filename|sha1
- MISP
{ "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "type": "filename|sha1", "category": "Payload delivery", "value": "filename2|2920d5e6c579fce772e5506caf03af65579088bd", "timestamp": "1603642920", "comment": "Filename|sha1 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha1 test attribute", "pattern": "[file:name = 'filename2' AND file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" ], "labels": [ "misp:type=\"filename|sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" }, "name": "filename2" } ]
- filename|sha224
- MISP
{ "uuid": "90bd7dae-b78c-4025-9073-568950c780fb", "type": "filename|sha224", "category": "Payload delivery", "value": "filename3|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "timestamp": "1603642920", "comment": "Filename|sha224 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha224 test attribute", "pattern": "[file:name = 'filename3' AND file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--90bd7dae-b78c-4025-9073-568950c780fb" ], "labels": [ "misp:type=\"filename|sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--90bd7dae-b78c-4025-9073-568950c780fb", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" }, "name": "filename3" } ]
- filename|sha256
- MISP
{ "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf", "type": "filename|sha256", "category": "Payload delivery", "value": "filename4|7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "timestamp": "1603642920", "comment": "Filename|sha256 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha256 test attribute", "pattern": "[file:name = 'filename4' AND file:hashes.SHA256 = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2007ec09-8137-4a71-a3ce-6ef967bebacf" ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2007ec09-8137-4a71-a3ce-6ef967bebacf", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" }, "name": "filename4" } ]
- filename|sha3-224
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-224", "category": "Payload delivery", "value": "testfile.name|3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618", "timestamp": "1603642920", "comment": "Filename|sha3-224 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-224 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3224 = '3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"filename|sha3-224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "SHA3-224": "3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618" }, "name": "testfile.name" } ]
- filename|sha3-256
- MISP
{ "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "type": "filename|sha3-256", "category": "Payload delivery", "value": "filename14|39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "timestamp": "1603642920", "comment": "Filename|sha3-256 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-256 test attribute", "pattern": "[file:name = 'filename14' AND file:hashes.SHA3256 = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" ], "labels": [ "misp:type=\"filename|sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" }, "name": "filename14" } ]
- filename|sha3-384
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-384", "category": "Payload delivery", "value": "testfile.name|93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "timestamp": "1603642920", "comment": "Filename|sha3-384 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-384 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3384 = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"filename|sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "SHA3-384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" }, "name": "testfile.name" } ]
- filename|sha3-512
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "filename|sha3-512", "category": "Payload delivery", "value": "testfile.name|fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "timestamp": "1603642920", "comment": "Filename|sha3-512 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha3-512 test attribute", "pattern": "[file:name = 'testfile.name' AND file:hashes.SHA3512 = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"filename|sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" }, "name": "testfile.name" } ]
- filename|sha384
- MISP
{ "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f", "type": "filename|sha384", "category": "Payload delivery", "value": "filename5|ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "timestamp": "1603642920", "comment": "Filename|sha384 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha384 test attribute", "pattern": "[file:name = 'filename5' AND file:hashes.SHA384 = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--c8760340-85a9-4e40-bfde-522d66ef1e9f" ], "labels": [ "misp:type=\"filename|sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--c8760340-85a9-4e40-bfde-522d66ef1e9f", "hashes": { "SHA384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" }, "name": "filename5" } ]
- filename|sha512
- MISP
{ "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e", "type": "filename|sha512", "category": "Payload delivery", "value": "filename6|28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "timestamp": "1603642920", "comment": "Filename|sha512 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512 test attribute", "pattern": "[file:name = 'filename6' AND file:hashes.SHA512 = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e" ], "labels": [ "misp:type=\"filename|sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" }, "name": "filename6" } ]
- filename|sha512/224
- MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "filename|sha512/224", "category": "Payload delivery", "value": "filename11|5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "timestamp": "1603642920", "comment": "Filename|sha512/224 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/224 test attribute", "pattern": "[file:name = 'filename11' AND file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"filename|sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "SHA-224": "2874893927788197307efb678d9462ea3cb7680b0826a9ff69e2fafc" }, "name": "testfile.name" } ]
- filename|sha512/256
- MISP
{ "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a", "type": "filename|sha512/256", "category": "Payload delivery", "value": "filename11|82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "timestamp": "1603642920", "comment": "Filename|sha512/256 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|sha512/256 test attribute", "pattern": "[file:name = 'filename11' AND file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a" ], "labels": [ "misp:type=\"filename|sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" }, "name": "filename11" } ]
- filename|ssdeep
- MISP
{ "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff", "type": "filename|ssdeep", "category": "Payload delivery", "value": "filename7|96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "timestamp": "1603642920", "comment": "Filename|ssdeep test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|ssdeep test attribute", "pattern": "[file:name = 'filename7' AND file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--9060e814-a36f-45ab-84e5-66fc82dc7cff" ], "labels": [ "misp:type=\"filename|ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--9060e814-a36f-45ab-84e5-66fc82dc7cff", "hashes": { "SSDEEP": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" }, "name": "filename7" } ]
- filename|tlsh
- MISP
{ "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b", "type": "filename|tlsh", "category": "Payload delivery", "value": "filename12|c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "timestamp": "1603642920", "comment": "Filename|tlsh test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|tlsh test attribute", "pattern": "[file:name = 'filename12' AND file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7467406e-88d3-4856-afc9-412459bc3c8b" ], "labels": [ "misp:type=\"filename|tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7467406e-88d3-4856-afc9-412459bc3c8b", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" }, "name": "filename12" } ]
- filename|vhash
- MISP
{ "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "type": "filename|vhash", "category": "Payload delivery", "value": "filename13|115056655d15151138z66hz1021z55z66z3", "timestamp": "1603642920", "comment": "Filename|vhash test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Filename|vhash test attribute", "pattern": "[file:name = 'filename13' AND file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" ], "labels": [ "misp:type=\"filename|vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" }, "name": "filename13" } ]
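The `filename|<hash>` entries above all follow one rule, and the hash key differs between the two outputs (for example `SHA1` in the pattern but `SHA-1` in the file object). The sketch below is an added example, not code from the misp-stix project: it rebuilds both outputs from a MISP attribute using a key table transcribed from this page's examples. The function names, the choice to split the value on its last pipe, and the `it's|odd.exe` sample are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# MISP hash type -> (key in the indicator pattern, key in the file object's
# "hashes"), transcribed from the examples on this page.
HASH_KEYS = {
    "imphash": ("IMPHASH", "IMPHASH"), "md5": ("MD5", "MD5"),
    "pehash": ("PEHASH", "PEHASH"), "sha1": ("SHA1", "SHA-1"),
    "sha224": ("SHA224", "SHA224"), "sha256": ("SHA256", "SHA-256"),
    "sha384": ("SHA384", "SHA384"), "sha512": ("SHA512", "SHA-512"),
    "sha3-224": ("SHA3224", "SHA3-224"), "sha3-256": ("SHA3256", "SHA3-256"),
    "sha3-384": ("SHA3384", "SHA3-384"), "sha3-512": ("SHA3512", "SHA3-512"),
    "ssdeep": ("SSDEEP", "SSDEEP"), "tlsh": ("TLSH", "TLSH"),
    "vhash": ("VHASH", "VHASH"),
}

def split_composite(attribute):
    """Return (filename, hash_type, hash_value) for a 'filename|<hash>' attribute."""
    prefix, _, hash_type = attribute["type"].partition("|")
    if prefix != "filename" or hash_type not in HASH_KEYS:
        raise ValueError(f"unsupported attribute type: {attribute['type']!r}")
    # Assumption of this example: split on the LAST pipe, because none of the
    # hash formats above contains '|' while a file name may.
    filename, sep, hash_value = attribute["value"].rpartition("|")
    if not sep or not filename or not hash_value:
        raise ValueError("value is not of the form '<filename>|<hash>'")
    return filename, hash_type, hash_value

def quote(literal):
    """Quote a STIX pattern string literal, escaping backslash then single quote."""
    return "'" + literal.replace("\\", "\\\\").replace("'", "\\'") + "'"

def _times(attribute):
    """Return the epoch timestamp as ('...T16:22:00.000Z', '...T16:22:00Z')."""
    stamp = datetime.fromtimestamp(int(attribute["timestamp"]), tz=timezone.utc)
    base = stamp.strftime("%Y-%m-%dT%H:%M:%S")
    return base + ".000Z", base + "Z"

def _labels(attribute, to_ids):
    labels = [f'misp:type="{attribute["type"]}"',
              f'misp:category="{attribute["category"]}"']
    if to_ids:
        labels.append('misp:to_ids="True"')
    return labels

def to_indicator(attribute, identity_ref):
    filename, hash_type, hash_value = split_composite(attribute)
    created, valid_from = _times(attribute)
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{attribute['uuid']}",
        "created_by_ref": identity_ref,
        "created": created, "modified": created,
        "pattern": f"[file:name = {quote(filename)} AND "
                   f"file:hashes.{HASH_KEYS[hash_type][0]} = {quote(hash_value)}]",
        "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": valid_from,
        "kill_chain_phases": [{"kill_chain_name": "misp-category",
                               "phase_name": attribute["category"]}],
        "labels": _labels(attribute, to_ids=True),
    }
    if attribute.get("comment"):
        indicator["description"] = attribute["comment"]
    return indicator

def to_observed_data(attribute, identity_ref):
    filename, hash_type, hash_value = split_composite(attribute)
    created, observed = _times(attribute)
    file_id = f"file--{attribute['uuid']}"
    observed_data = {
        "type": "observed-data", "spec_version": "2.1",
        "id": f"observed-data--{attribute['uuid']}",
        "created_by_ref": identity_ref,
        "created": created, "modified": created,
        "first_observed": observed, "last_observed": observed,
        "number_observed": 1, "object_refs": [file_id],
        "labels": _labels(attribute, to_ids=False),
    }
    file_object = {
        "type": "file", "spec_version": "2.1", "id": file_id,
        "hashes": {HASH_KEYS[hash_type][1]: hash_value}, "name": filename,
    }
    return [observed_data, file_object]

def export_attribute(attribute, identity_ref):
    """Indicator when to_ids is set, Observed Data plus file object otherwise."""
    if attribute.get("to_ids"):
        return [to_indicator(attribute, identity_ref)]
    return to_observed_data(attribute, identity_ref)

# Identity reference and filename|md5 attribute as shown on this page.
IDENTITY = "identity--a0c22599-9e58-4da4-96ac-7051603fa951"
MD5_ATTRIBUTE = {
    "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "filename|md5",
    "category": "Payload delivery", "timestamp": "1603642920",
    "value": "filename1|b2a5abfeef9e36964281a31e17b57c97",
    "comment": "Filename|md5 test attribute",
}
# Constructed sample: a file name that itself contains a quote and a pipe.
ODD_ATTRIBUTE = dict(MD5_ATTRIBUTE, comment="",
                     value="it's|odd.exe|d41d8cd98f00b204e9800998ecf8427e")

if __name__ == "__main__":
    print(json.dumps(export_attribute(dict(MD5_ATTRIBUTE, to_ids=True), IDENTITY), indent=2))
    print(json.dumps(export_attribute(ODD_ATTRIBUTE, IDENTITY), indent=2))
```
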
- github-username
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "github-username", "category": "Social network", "value": "chrisr3d", "timestamp": "1603642920", "comment": "Github username test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Github username test attribute", "pattern": "[user-account:account_type = 'github' AND user-account:account_login = 'chrisr3d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Social network" } ], "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "user-account--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"github-username\"", "misp:category=\"Social network\"" ] }, { "type": "user-account", "spec_version": "2.1", "id": "user-account--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "account_login": "chrisr3d", "account_type": "github" } ]
- hostname
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname", "category": "Network activity", "value": "circl.lu", "timestamp": "1603642920", "comment": "Hostname test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname test attribute", "pattern": "[domain-name:value = 'circl.lu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" } ]
- hostname|port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "hostname|port", "category": "Network activity", "value": "circl.lu|8443", "timestamp": "1603642920", "comment": "Hostname|port test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Hostname|port test attribute", "pattern": "[domain-name:value = 'circl.lu' AND network-traffic:dst_port = '8443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"hostname|port\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "circl.lu" }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "dst_ref": "domain-name--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "dst_port": 8443, "protocols": [ "tcp" ] } ]
- http-method
- MISP
{ "uuid": "d94bdd2c-3603-4044-8b70-20090e7526ad", "type": "http-method", "category": "Network activity", "value": "POST", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--d94bdd2c-3603-4044-8b70-20090e7526ad", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_method = 'POST']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- imphash
- MISP
{ "type": "imphash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "IMPHASH test attribute", "value": "68f013d7437aa653a8a98a05807afeb1", "uuid": "518b4bcb-a86b-4783-9457-391d548b605b" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "IMPHASH test attribute", "pattern": "[file:hashes.IMPHASH = '68f013d7437aa653a8a98a05807afeb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"imphash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "IMPHASH": "68f013d7437aa653a8a98a05807afeb1" } } ]
- ip-dst
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst", "category": "Network activity", "value": "5.6.7.8", "timestamp": "1603642920", "comment": "Destination IP test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "dst_ref": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "5.6.7.8" } ]
- ip-dst|port
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "ip-dst|port", "category": "Network activity", "value": "5.6.7.8|5678", "timestamp": "1603642920", "comment": "Destination IP | Port test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Destination IP | Port test attribute", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8' AND network-traffic:dst_port = '5678']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"ip-dst|port\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--518b4bcb-a86b-4783-9457-391d548b605b", "dst_ref": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "dst_port": 5678, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--518b4bcb-a86b-4783-9457-391d548b605b", "value": "5.6.7.8" } ]
- ip-src
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src", "category": "Network activity", "value": "1.2.3.4", "timestamp": "1603642920", "comment": "Source IP test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_ref": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "1.2.3.4" } ]
- ip-src|port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src|port", "category": "Network activity", "value": "1.2.3.4|1234", "timestamp": "1603642920", "comment": "Source IP | Port test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Source IP | Port test attribute", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4' AND network-traffic:src_port = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"ip-src|port\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_ref": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "src_port": 1234, "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "1.2.3.4" } ]
- link
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "link", "category": "External analysis", "value": "https://misp-project.org/download/", "timestamp": "1603642920", "comment": "Link test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Link test attribute", "pattern": "[url:value = 'https://misp-project.org/download/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "https://misp-project.org/download/" } ]
- mac-address
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mac-address", "category": "Payload delivery", "value": "12:34:56:78:90:AB", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[mac-addr:value = '12:34:56:78:90:AB']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "mac-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"mac-address\"", "misp:category=\"Payload delivery\"" ] }, { "type": "mac-addr", "spec_version": "2.1", "id": "mac-addr--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "value": "12:34:56:78:90:ab" } ]
- malware-sample
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "malware-sample", "category": "Payload delivery", "value": "oui|8764605c6f388c89096b534d33565802", "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "timestamp": "1603642920", "comment": "Malware Sample test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Malware Sample test attribute", "pattern": "[file:name = 'oui' AND file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"malware-sample\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "name": "oui", "content_ref": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" }, { "type": "artifact", "spec_version": "2.1", "id": "artifact--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "encryption_algorithm": "mime-type-indicated", "decryption_key": "infected" } ]
- md5
- MISP
{ "type": "md5", "category": "Payload delivery", "timestamp": "1603642920", "comment": "MD5 test attribute", "value": "b2a5abfeef9e36964281a31e17b57c97", "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "MD5 test attribute", "pattern": "[file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97" } } ]
- mutex
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "mutex", "category": "Artifacts dropped", "value": "MutexTest", "timestamp": "1603642920", "comment": "Mutex test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Mutex test attribute", "pattern": "[mutex:name = 'MutexTest']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "mutex--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"mutex\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "mutex", "spec_version": "2.1", "id": "mutex--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "name": "MutexTest" } ]
- pehash
- MISP
{ "type": "pehash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "PEHASH test attribute", "value": "ffb7a38174aab4744cc4a509e34800aee9be8e57", "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "PEHASH test attribute", "pattern": "[file:hashes.PEHASH = 'ffb7a38174aab4744cc4a509e34800aee9be8e57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"pehash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "PEHASH": "ffb7a38174aab4744cc4a509e34800aee9be8e57" } } ]
- port
- MISP
{ "uuid": "1af096a0-efa1-4331-9300-a6b5eb4df2e6", "type": "port", "category": "Network activity", "value": "8443", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--1af096a0-efa1-4331-9300-a6b5eb4df2e6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[network-traffic:dst_port = '8443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- regkey
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey", "category": "Persistence mechanism", "value": "HKLM\\Software\\mthjk", "timestamp": "1603642920", "comment": "Regkey test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "key": "HKLM\\Software\\mthjk" } ]
- regkey|value
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey|value", "category": "Persistence mechanism", "value": "HKLM\\Software\\mthjk|%DATA%\\1234567890", "timestamp": "1603642920", "comment": "Regkey | value test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Regkey | value test attribute", "pattern": "[windows-registry-key:key = 'HKLM\\\\Software\\\\mthjk' AND windows-registry-key:values.data = '\\\\%DATA\\\\%\\\\1234567890']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Persistence mechanism" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "key": "HKLM\\Software\\mthjk", "values": [ { "data": "%DATA%\\1234567890" } ] } ]
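The composite `type|value` attributes above (`hostname|port`, `ip-dst|port`, `ip-src|port`, `regkey|value`) each split into several comparison expressions in one pattern. The following is an added illustration, not misp-stix code, that rebuilds the Indicator objects shown on this page, including the escaping visible in the `regkey|value` example. The helper names, the port range check, the single-quote escape and the IPv6 branch are assumptions; the sample attributes and the identity reference are copied from the page.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Values copied from the examples on this page.
CREATED_BY_REF = "identity--a0c22599-9e58-4da4-96ac-7051603fa951"
SAMPLE_ATTRIBUTES = [
    {"uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "ip-src|port",
     "category": "Network activity", "value": "1.2.3.4|1234",
     "timestamp": "1603642920", "comment": "Source IP | Port test attribute"},
    {"uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "regkey|value",
     "category": "Persistence mechanism",
     "value": "HKLM\\Software\\mthjk|%DATA%\\1234567890",
     "timestamp": "1603642920", "comment": "Regkey | value test attribute"},
]


def escape(value, percent=False):
    """Escape a value for use inside a single-quoted STIX pattern literal."""
    if percent:
        # Shown on the page only for registry value data: '%' gets a backslash
        # first, so the doubling below turns it into two backslashes plus '%'.
        value = value.replace("%", "\\%")
    # Double every backslash, then escape single quotes (assumption: quote
    # escaping is not shown on the page, it follows the STIX literal syntax).
    return value.replace("\\", "\\\\").replace("'", "\\'")


def ip_terms(direction, address):
    # ip_address() raises ValueError for anything that is not a single address.
    # The page only shows IPv4; the 'ipv6-addr' result is an assumption.
    kind = f"ipv{ipaddress.ip_address(address).version}-addr"
    return [f"network-traffic:{direction}_ref.type = '{kind}'",
            f"network-traffic:{direction}_ref.value = '{address}'"]


def port_term(direction, port):
    # Reject non-numeric or out-of-range ports before they reach a pattern.
    if not port.isdigit() or not 0 <= int(port) <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    # The page's patterns carry the port as a quoted string.
    return f"network-traffic:{direction}_port = '{port}'"


def pattern_terms(attr_type, value):
    """Return the comparison expressions for the attribute types covered here."""
    composite = "|" in attr_type
    head, _, tail = value.partition("|") if composite else (value, "", "")
    if composite and not (head and tail):
        raise ValueError(f"{attr_type} needs a 'left|right' value: {value!r}")
    if attr_type in ("hostname", "hostname|port"):
        terms = [f"domain-name:value = '{escape(head)}'"]
        if composite:
            terms.append(port_term("dst", tail))
    elif attr_type in ("ip-src", "ip-src|port", "ip-dst", "ip-dst|port"):
        direction = attr_type[3:6]  # "src" or "dst"
        terms = ip_terms(direction, head)
        if composite:
            terms.append(port_term(direction, tail))
    elif attr_type in ("regkey", "regkey|value"):
        terms = [f"windows-registry-key:key = '{escape(head)}'"]
        if composite:
            data = escape(tail, percent=True)
            terms.append(f"windows-registry-key:values.data = '{data}'")
    else:
        raise ValueError(f"type not covered by this example: {attr_type}")
    return terms


def stix_time(epoch, millis=False):
    """Render a MISP epoch timestamp in UTC, as the STIX examples do."""
    stamp = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S") + (".000Z" if millis else "Z")


def to_indicator(attribute, created_by_ref):
    """Build the Indicator dict for an attribute whose to_ids flag is set."""
    terms = pattern_terms(attribute["type"], attribute["value"])
    created = stix_time(attribute["timestamp"], millis=True)
    indicator = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{attribute['uuid']}",
        "created_by_ref": created_by_ref,
        "created": created, "modified": created,
        "pattern": "[" + " AND ".join(terms) + "]",
        "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": stix_time(attribute["timestamp"]),
        "kill_chain_phases": [{"kill_chain_name": "misp-category",
                               "phase_name": attribute["category"]}],
        "labels": [f'misp:type="{attribute["type"]}"',
                   f'misp:category="{attribute["category"]}"',
                   'misp:to_ids="True"'],
    }
    if attribute.get("comment"):
        indicator["description"] = attribute["comment"]
    return indicator


if __name__ == "__main__":
    for sample in SAMPLE_ATTRIBUTES:
        print(json.dumps(to_indicator(sample, CREATED_BY_REF), indent=2))
```
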
- sha1
- MISP
{ "type": "sha1", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA1 test attribute", "value": "2920d5e6c579fce772e5506caf03af65579088bd", "uuid": "f2259650-bc33-4b64-a3a8-a324aa7ea6bb" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA1 test attribute", "pattern": "[file:hashes.SHA1 = '2920d5e6c579fce772e5506caf03af65579088bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--f2259650-bc33-4b64-a3a8-a324aa7ea6bb", "hashes": { "SHA-1": "2920d5e6c579fce772e5506caf03af65579088bd" } } ]
- sha224
- MISP
{ "type": "sha224", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA224 test attribute", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "uuid": "90bd7dae-b78c-4025-9073-568950c780fb" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA224 test attribute", "pattern": "[file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--90bd7dae-b78c-4025-9073-568950c780fb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--90bd7dae-b78c-4025-9073-568950c780fb" ], "labels": [ "misp:type=\"sha224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--90bd7dae-b78c-4025-9073-568950c780fb", "hashes": { "SHA224": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9" } } ]
- sha256
- MISP
{ "type": "sha256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA256 test attribute", "value": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4", "uuid": "2007ec09-8137-4a71-a3ce-6ef967bebacf" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA256 test attribute", "pattern": "[file:hashes.SHA256 = '7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2007ec09-8137-4a71-a3ce-6ef967bebacf", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2007ec09-8137-4a71-a3ce-6ef967bebacf" ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2007ec09-8137-4a71-a3ce-6ef967bebacf", "hashes": { "SHA-256": "7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4" } } ]
- sha3-224
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-224", "category": "Payload delivery", "value": "3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618", "timestamp": "1603642920", "comment": "SHA3-224 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-224 test attribute", "pattern": "[file:hashes.SHA3224 = '3bd6507ef58d2fecb14d39bfffbee5c71dcf7930191cc2df2e507618']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "SHA-224": "2874893927788197307efb678d9462ea3cb7680b0826a9ff69e2fafc" } } ]
- sha3-256
- MISP
{ "type": "sha3-256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA3-256 test attribute", "value": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4", "uuid": "e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-256 test attribute", "pattern": "[file:hashes.SHA3256 = '39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6" ], "labels": [ "misp:type=\"sha3-256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--e9f3dab7-1c2d-43ca-8bf7-d49214ca81a6", "hashes": { "SHA3-256": "39725234628358bcce613d1d1c07c2c3d2d106e3a6ac192016b46e5dddcd03f4" } } ]
- sha3-384
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-384", "category": "Payload delivery", "value": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568", "timestamp": "1603642920", "comment": "SHA3-384 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-384 test attribute", "pattern": "[file:hashes.SHA3384 = '93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"sha3-384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "SHA3-384": "93bc97650d11bd9814f6658989605751f3279da1cffe4c7e3fafc99ce5a7bee9884daa8b70a6f0010132ee9585ead568" } } ]
- sha3-512
- MISP
{ "uuid": "94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "type": "sha3-512", "category": "Payload delivery", "value": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748", "timestamp": "1603642920", "comment": "SHA3-512 test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA3-512 test attribute", "pattern": "[file:hashes.SHA3512 = 'fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f" ], "labels": [ "misp:type=\"sha3-512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--94a2b00f-bec3-4f8a-bea4-e4ccf0de776f", "hashes": { "SHA3-512": "fdd67b8bd14e66e4b4fd9b67cff26e8e8d254569e5977c41a1bf11a33ddd758681d8f0a891be4c6c728509e2cbf20ea272a443b2a494fe52e85a3f45954db748" } } ]
- sha384
- MISP
{ "type": "sha384", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA384 test attribute", "value": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce", "uuid": "c8760340-85a9-4e40-bfde-522d66ef1e9f" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA384 test attribute", "pattern": "[file:hashes.SHA384 = 'ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c8760340-85a9-4e40-bfde-522d66ef1e9f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--c8760340-85a9-4e40-bfde-522d66ef1e9f" ], "labels": [ "misp:type=\"sha384\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--c8760340-85a9-4e40-bfde-522d66ef1e9f", "hashes": { "SHA384": "ec1f92f1d30b71ffd866fe643a5fde9b64ac86398bfd3f24302bb2bae97e2b281f67666e7167dfdeb60006e2924636ce" } } ]
- sha512
- MISP
{ "type": "sha512", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512 test attribute", "value": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe", "uuid": "55ffda25-c3fe-48b5-a6eb-59c986cb593e" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512 test attribute", "pattern": "[file:hashes.SHA512 = '28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e" ], "labels": [ "misp:type=\"sha512\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--55ffda25-c3fe-48b5-a6eb-59c986cb593e", "hashes": { "SHA-512": "28c9409ebaed767fe240ecacf727f9a5bd9f17fbd054f7dff2770a81878e56b176bf5f0cd196217ac785dd88e807a78ef3ee8b8122aba15c9ffb5c143794e6fe" } } ]
- sha512/224
- MISP
{ "type": "sha512/224", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/224 test attribute", "value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9", "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/224 test attribute", "pattern": "[file:hashes.SHA224 = '5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"sha512/224\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "SHA-224": "2874893927788197307efb678d9462ea3cb7680b0826a9ff69e2fafc" } } ]
- sha512/256
- MISP
{ "type": "sha512/256", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SHA512/256 test attribute", "value": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93", "uuid": "2d35a390-ccdd-4d6b-a36d-513b05e3682a" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SHA512/256 test attribute", "pattern": "[file:hashes.SHA256 = '82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a" ], "labels": [ "misp:type=\"sha512/256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--2d35a390-ccdd-4d6b-a36d-513b05e3682a", "hashes": { "SHA-256": "82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93" } } ]
- sigma
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "sigma", "category": "Artifacts dropped", "value": "title: Ps.exe Renamed SysInternals Tool description: Detects renamed SysInternals tool execution with a binary named ps.exe as used by Dragonfly APT group and documentied in TA17-293A report reference: https://www.us-cert.gov/ncas/alerts/TA17-293A author: Florian Roth date: 2017/10/22 logsource: product: windows service: sysmon detection: selection: EventID: 1 CommandLine: 'ps.exe -accepteula' condition: selection falsepositives: - Renamed SysInternals tool level: high", "timestamp": "1603642920", "comment": "Sigma test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Sigma test attribute", "pattern": "[title: Ps.exe Renamed SysInternals Tool description: Detects renamed SysInternals tool execution with a binary named ps.exe as used by Dragonfly APT group and documentied in TA17-293A report reference: https://www.us-cert.gov/ncas/alerts/TA17-293A author: Florian Roth date: 2017/10/22 logsource: product: windows service: sysmon detection: selection: EventID: 1 CommandLine: 'ps.exe -accepteula' condition: selection falsepositives: - Renamed SysInternals tool level: high]", "pattern_type": "sigma", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sigma\"", "misp:category=\"Artifacts dropped\"" ] }
- size-in-bytes
- MISP
{ "uuid": "8be8065b-ca71-4210-976e-2804665a502d", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--8be8065b-ca71-4210-976e-2804665a502d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:size = '1234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Other" } ], "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"", "misp:to_ids=\"True\"" ] }
- snort
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "snort", "category": "Network activity", "value": "alert http any 443 -> 8.8.8.8 any", "timestamp": "1603642920", "comment": "Snort test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Snort test attribute", "pattern": "[alert http any 443 -> 8.8.8.8 any]", "pattern_type": "snort", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"" ] }
- ssdeep
- MISP
{ "type": "ssdeep", "category": "Payload delivery", "timestamp": "1603642920", "comment": "SSDEEP test attribute", "value": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi", "uuid": "9060e814-a36f-45ab-84e5-66fc82dc7cff" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "SSDEEP test attribute", "pattern": "[file:hashes.SSDEEP = '96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--9060e814-a36f-45ab-84e5-66fc82dc7cff", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--9060e814-a36f-45ab-84e5-66fc82dc7cff" ], "labels": [ "misp:type=\"ssdeep\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--9060e814-a36f-45ab-84e5-66fc82dc7cff", "hashes": { "SSDEEP": "96:QRWkwoBevsL0JsIQ3pq8dxbuTet7eU/uEzAfue9atn0JbIi:QRWktBe80JsIIq8dxKyPew0JbIi" } } ]
- telfhash
- MISP
{ "uuid": "4846cade-2492-4e7d-856e-2afcd282455b", "type": "telfhash", "category": "Payload delivery", "timestamp": "1603642920", "value": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b", "comment": "TELFHASH test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TELFHASH test attribute", "pattern": "[file:hashes.TELFHASH = 'b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--4846cade-2492-4e7d-856e-2afcd282455b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--4846cade-2492-4e7d-856e-2afcd282455b" ], "labels": [ "misp:type=\"telfhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--4846cade-2492-4e7d-856e-2afcd282455b", "hashes": { "TELFHASH": "b1217492227645186ff295285cbc827216226b2323597f71ff36c8cc453b0e5f539d0b" } } ]
- tlsh
- MISP
{ "type": "tlsh", "category": "Payload delivery", "timestamp": "1603642920", "comment": "TLSH test attribute", "value": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297", "uuid": "7467406e-88d3-4856-afc9-412459bc3c8b" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "TLSH test attribute", "pattern": "[file:hashes.TLSH = 'c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--7467406e-88d3-4856-afc9-412459bc3c8b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--7467406e-88d3-4856-afc9-412459bc3c8b" ], "labels": [ "misp:type=\"tlsh\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--7467406e-88d3-4856-afc9-412459bc3c8b", "hashes": { "TLSH": "c325af62e2f15cf7c32316389d1b57a46827be703d3879866bf52c385f396813829297" } } ]
- uri
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "uri", "category": "Network activity", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova", "timestamp": "1603642920", "comment": "URI test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URI test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"uri\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--518b4bcb-a86b-4783-9457-391d548b605b", "value": "https://vm.misp-project.org/latest/MISP_v2.4.155@ca03678.ova" } ]
- url
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "url", "category": "Network activity", "value": "https://vm.misp-project.org/latest/", "timestamp": "1603642920", "comment": "URL test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "URL test attribute", "pattern": "[url:value = 'https://vm.misp-project.org/latest/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "url--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "value": "https://vm.misp-project.org/latest/" } ]
- user-agent
- MISP
{ "uuid": "f0b5b638-81b4-4509-bd40-1e114955caf4", "type": "user-agent", "category": "Network activity", "value": "Mozilla Firefox", "timestamp": "1603642920", "comment": "User-agent test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--f0b5b638-81b4-4509-bd40-1e114955caf4", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "User-agent test attribute", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla Firefox']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }
- vhash
- MISP
{ "type": "vhash", "category": "Payload delivery", "timestamp": "1603642920", "comment": "VHASH test attribute", "value": "115056655d15151138z66hz1021z55z66z3", "uuid": "cea8c6f6-696c-41cc-b7c7-2566ca0b0975" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "VHASH test attribute", "pattern": "[file:hashes.VHASH = '115056655d15151138z66hz1021z55z66z3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975" ], "labels": [ "misp:type=\"vhash\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--cea8c6f6-696c-41cc-b7c7-2566ca0b0975", "hashes": { "VHASH": "115056655d15151138z66hz1021z55z66z3" } } ]
- vulnerability
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "vulnerability", "category": "External analysis", "value": "CVE-2017-11774", "timestamp": "1603642920", "comment": "Vulnerability test attribute" }
- STIX
- Vulnerability
{ "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "CVE-2017-11774", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-11774" } ] }
- x509-fingerprint-md5
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "x509-fingerprint-md5", "category": "Payload delivery", "value": "8764605c6f388c89096b534d33565802", "timestamp": "1603642920", "comment": "X509 MD5 fingerprint test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 MD5 fingerprint test attribute", "pattern": "[x509-certificate:hashes.MD5 = '8764605c6f388c89096b534d33565802']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f" ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" } } ]
- x509-fingerprint-sha1
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "x509-fingerprint-sha1", "category": "Payload delivery", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "timestamp": "1603642920", "comment": "X509 SHA1 fingerprint test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA1 fingerprint test attribute", "pattern": "[x509-certificate:hashes.SHA1 = '46aba99aa7158e4609aaa72b50990842fd22ae86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--518b4bcb-a86b-4783-9457-391d548b605b" ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--518b4bcb-a86b-4783-9457-391d548b605b", "hashes": { "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86" } } ]
- x509-fingerprint-sha256
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "x509-fingerprint-sha256", "category": "Payload delivery", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "timestamp": "1603642920", "comment": "X509 SHA256 fingerprint test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "X509 SHA256 fingerprint test attribute", "pattern": "[x509-certificate:hashes.SHA256 = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }
- Observed Data
[ { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "object_refs": [ "x509-certificate--34cb1a7c-55ec-412a-8684-ba4a88d83a45" ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "hashes": { "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" } } ]
- yara
- MISP
{ "uuid": "34cb1a7c-55ec-412a-8684-ba4a88d83a45", "type": "yara", "category": "Payload installation", "value": "rule torcryptomining { meta: description = \"Tor miner - broken UPX magic string\" strings: $upx_erase = {(00 FF 99 41|DF DD 30 33)} condition: $upx_erase at 236 }", "timestamp": "1603642920", "comment": "Yara test attribute" }
- STIX
- Indicator
{ "type": "indicator", "spec_version": "2.1", "id": "indicator--34cb1a7c-55ec-412a-8684-ba4a88d83a45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "description": "Yara test attribute", "pattern": "[rule torcryptomining { meta: description = \"Tor miner - broken UPX magic string\" strings: $upx_erase = {(00 FF 99 41|DF DD 30 33)} condition: $upx_erase at 236 }]", "pattern_type": "yara", "pattern_version": "2.1", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Payload installation\"" ] }
Unmapped attribute types
You may have noticed that we are far from supporting all the attribute types. This is due to the variety of use cases MISP can be used for.
Nonetheless, every attribute whose type is not in the list is exported as a Custom object.
In the following examples, btc and iban are attribute types that are not mapped, whereas the other ones:
- are already mentioned above and give valid STIX 2.1 pattern expressions when their to_ids flag is set to True.
- do not provide enough information to produce Observable objects and are therefore exported as Custom objects when their to_ids flag is unset.
Let us look at these examples of custom objects exported from attributes:
- btc
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "btc", "category": "Financial fraud", "value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE", "timestamp": "1603642920", "comment": "Btc test attribute", "to_ids": true }
- STIX
{ "type": "x-misp-object-btc", "spec_version": "2.1", "id": "x-misp-object-btc--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"btc\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "Btc test attribute", "x_misp_value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE" }
- http-method
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "http-method", "category": "Network activity", "value": "POST", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-http-method", "spec_version": "2.1", "id": "x-misp-object-http-method--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"http-method\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "POST" }
- iban
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "iban", "category": "Financial fraud", "value": "LU1234567890ABCDEF1234567890", "timestamp": "1603642920", "comment": "IBAN test attribute", "to_ids": true }
- STIX
{ "type": "x-misp-object-iban", "spec_version": "2.1", "id": "x-misp-object-iban--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"iban\"", "misp:category=\"Financial fraud\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Financial fraud", "x_misp_comment": "IBAN test attribute", "x_misp_value": "LU1234567890ABCDEF1234567890" }
- port
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "port", "category": "Network activity", "value": "8443", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-port", "spec_version": "2.1", "id": "x-misp-object-port--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"port\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_value": "8443" }
- size-in-bytes
- MISP
{ "uuid": "91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "type": "size-in-bytes", "value": "1234", "category": "Other", "timestamp": "1603642920", "to_ids": false }
- STIX
{ "type": "x-misp-object-size-in-bytes", "spec_version": "2.1", "id": "x-misp-object-size-in-bytes--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"size-in-bytes\"", "misp:category=\"Other\"" ], "x_misp_category": "Other", "x_misp_value": "1234" }
- user-agent
- MISP
{ "uuid": "518b4bcb-a86b-4783-9457-391d548b605b", "type": "user-agent", "category": "Network activity", "value": "Mozilla Firefox", "timestamp": "1603642920", "comment": "User-agent test attribute", "to_ids": false }
- STIX
{ "type": "x-misp-object-user-agent", "spec_version": "2.1", "id": "x-misp-object-user-agent--518b4bcb-a86b-4783-9457-391d548b605b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2021-03-11T13:59:57.000Z", "modified": "2021-03-11T13:59:57.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "User-agent test attribute", "x_misp_value": "Mozilla Firefox" }
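A consumer-side triage of the exports shown above, as an added example (not code from the misp-stix project): the custom x-misp-object-* objects carry no STIX pattern, so an attribute such as btc exported with misp:to_ids="True" has to be picked up from its labels and x_misp_value. The function names and the three result buckets are assumptions made for this example.

```python
import re

# Label format seen in the exports on this page: misp:<key>="<value>"
LABEL_RE = re.compile(r'^misp:([a-z_-]+)="(.*)"$')
CUSTOM_PREFIX = "x-misp-object-"

def misp_labels(obj):
    """Parse the misp:* labels of a STIX object into a dict."""
    parsed = {}
    for label in obj.get("labels", []):
        match = LABEL_RE.match(label)
        if match:
            parsed[match.group(1)] = match.group(2)
    return parsed

def triage(objects):
    """Sort exported objects by how a detection pipeline can use them."""
    result = {"patterns": [], "flagged_without_pattern": [], "context": []}
    for obj in objects:
        labels = misp_labels(obj)
        if obj["type"] == "indicator":
            result["patterns"].append(
                (labels.get("type"), obj["pattern_type"], obj["pattern"]))
        elif obj["type"].startswith(CUSTOM_PREFIX):
            # Cross-check the type suffix against the label before trusting either.
            if obj["type"][len(CUSTOM_PREFIX):] != labels.get("type"):
                raise ValueError(f"type/label mismatch in {obj['id']}")
            entry = (labels["type"], obj["x_misp_value"])
            flagged = labels.get("to_ids") == "True"
            result["flagged_without_pattern" if flagged else "context"].append(entry)
    return result

# Sample objects: trimmed copies of the btc, port and x509-fingerprint-sha1 exports above.
SAMPLE = [
    {"type": "x-misp-object-btc", "id": "x-misp-object-btc--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f",
     "labels": ['misp:type="btc"', 'misp:category="Financial fraud"', 'misp:to_ids="True"'],
     "x_misp_value": "1E38kt7ryhbRXUzbam6iQ6sd93VHUUdjEE"},
    {"type": "x-misp-object-port", "id": "x-misp-object-port--91ae0a21-c7ae-4c7f-b84b-b84a7ce53d1f",
     "labels": ['misp:type="port"', 'misp:category="Network activity"'],
     "x_misp_value": "8443"},
    {"type": "indicator", "id": "indicator--518b4bcb-a86b-4783-9457-391d548b605b",
     "pattern": "[x509-certificate:hashes.SHA1 = '46aba99aa7158e4609aaa72b50990842fd22ae86']",
     "pattern_type": "stix",
     "labels": ['misp:type="x509-fingerprint-sha1"', 'misp:category="Payload delivery"',
                'misp:to_ids="True"']},
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```

Entries in flagged_without_pattern are the ones a STIX consumer that only evaluates indicator patterns would miss, even though the MISP analyst marked them for detection.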
The other detailed mappings
For more detailed mappings, click on one of the links below: