11{
22 "attributes" : {
3- "domain" : {
4- "categories" : [
5- " Network activity"
6- " External analysis"
7- ],
8- "description" : " Domain of the whois entry"
9- "misp-attribute" : " domain"
10- "multiple" : true ,
3+ "asn" : {
4+ "description" : " ASN where the content is hosted"
5+ "misp-attribute" : " as"
116 "ui-priority" : 0
127 },
13- "ip-address" : {
14- "description" : " IP address of the whois entry"
15- "misp-attribute" : " ip-src"
16- "multiple" : true ,
8+ "certificate-common-name" : {
9+ "description" : " Certificate common name"
10+ "misp-attribute" : " text"
1711 "ui-priority" : 0
1812 },
19- "dns-server" : {
20- "description" : " DNS server"
21- "misp-attribute" : " hostname"
22- "multiple" : true ,
23- "to_ids" : false ,
13+ "certificate-country" : {
14+ "description" : " Certificate country name"
15+ "misp-attribute" : " text"
2416 "ui-priority" : 0
2517 },
26- "subdomain" : {
27- "description" : " Subdomain"
28- "disable_correlation" : true ,
29- "misp-attribute" : " text"
18+ "certificate-creation-date" : {
19+ "description" : " Certificate date it was created"
20+ "misp-attribute" : " datetime"
3021 "ui-priority" : 0
3122 },
32- "tld" : {
33- "description" : " Top-Level Domain"
34- "disable_correlation" : true ,
35- "misp-attribute" : " text"
23+ "certificate-expiry-date" : {
24+ "description" : " Certificate date it will expire"
25+ "misp-attribute" : " datetime"
3626 "ui-priority" : 0
3727 },
38- "threat-actor-infrastructure-pattern " : {
39- "description" : " Patterns found on threat actor infrastructure that can correlate with other analysis. "
28+ "certificate-issuer " : {
29+ "description" : " Certificate Issuer "
4030 "misp-attribute" : " text"
41- "multiple" : true ,
4231 "ui-priority" : 0
4332 },
44- "threat-actor-infrastructure-value "
45- "description" : " Unique valeu found on threat actor infrastructure identified through an investigation. "
33+ "certificate-organization "
34+ "description" : " Certificate organization "
4635 "misp-attribute" : " text"
47- "multiple" : true ,
4836 "ui-priority" : 0
4937 },
50- "hosting-provider " : {
51- "description" : " The hosting provider/ISP where the resources are. "
38+ "certificate-organization-locality " : {
39+ "description" : " Certificate locality "
5240 "misp-attribute" : " text"
5341 "ui-priority" : 0
5442 },
55- "port" : {
56- "description" : " Port number"
57- "disable_correlation" : true ,
58- "misp-attribute" : " port"
43+ "certificate-organization-state" : {
44+ "description" : " Certificate state or provincy name"
45+ "misp-attribute" : " text"
5946 "ui-priority" : 0
6047 },
61- "query_string " : {
62- "description" : " Query (after path, preceded by '?') "
48+ "certificate-organization-unit " : {
49+ "description" : " Certificate organization unit "
6350 "misp-attribute" : " text"
64- "multiple" : true ,
6551 "ui-priority" : 0
6652 },
67- "resource_path " : {
68- "description" : " Path (between hostname:port and query) "
69- "misp-attribute" : " text "
53+ "dns-server " : {
54+ "description" : " DNS server "
55+ "misp-attribute" : " hostname "
7056 "multiple" : true ,
57+ "to_ids" : false ,
7158 "ui-priority" : 0
7259 },
73- "jarm" : {
74- "description" : " JARM Footprint string"
75- "misp-attribute" : " text"
60+ "domain" : {
61+ "categories" : [
62+ " Network activity"
63+ " External analysis"
64+ ],
65+ "description" : " Domain of the whois entry"
66+ "misp-attribute" : " domain"
67+ "multiple" : true ,
7668 "ui-priority" : 0
7769 },
78- "google-analytics-id" : {
79- "description" : " Google analytics IDS"
80- "misp-attribute" : " text"
81- "ui-priority" : 0
70+ "evidences" : {
71+ "categories" : [
72+ " External analysis"
73+ ],
74+ "description" : " Screenshot of the network resources."
75+ "disable_correlation" : true ,
76+ "misp-attribute" : " attachment"
77+ "multiple" : true ,
78+ "ui-priority" : 1
8279 },
83- "certificate-issuer "
84- "description" : " Certificate Issuer "
80+ "google-analytics-id "
81+ "description" : " Google analytics IDS "
8582 "misp-attribute" : " text"
8683 "ui-priority" : 0
8784 },
88- "certificate-common-name "
89- "description" : " Certificate common name "
85+ "hosting-provider "
86+ "description" : " The hosting provider/ISP where the resources are. "
9087 "misp-attribute" : " text"
9188 "ui-priority" : 0
9289 },
93- "certificate-organization-unit" : {
94- "description" : " Certificate organization unit"
95- "misp-attribute" : " text"
90+ "ip-address" : {
91+ "description" : " IP address of the whois entry"
92+ "misp-attribute" : " ip-src"
93+ "multiple" : true ,
9694 "ui-priority" : 0
9795 },
98- "certificate-organization "
99- "description" : " Certificate organization "
100- "misp-attribute" : " text "
96+ "jarm "
97+ "description" : " JARM Footprint string "
98+ "misp-attribute" : " jarm-fingerprint "
10199 "ui-priority" : 0
102100 },
103- "certificate-organization-locality" : {
104- "description" : " Certificate locality"
105- "misp-attribute" : " text"
101+ "port" : {
102+ "description" : " Port number"
103+ "disable_correlation" : true ,
104+ "misp-attribute" : " port"
106105 "ui-priority" : 0
107106 },
108- "certificate-organization-state "
109- "description" : " Certificate state or provincy name "
107+ "query_string "
108+ "description" : " Query (after path, preceded by '?') "
110109 "misp-attribute" : " text"
110+ "multiple" : true ,
111111 "ui-priority" : 0
112112 },
113- "certificate-country "
114- "description" : " Certificate country name "
113+ "resource_path "
114+ "description" : " Path (between hostname:port and query) "
115115 "misp-attribute" : " text"
116+ "multiple" : true ,
116117 "ui-priority" : 0
117118 },
118- "service-abuse" : {
119+ "service-abuse" : {
119120 "description" : " Service abused by threat actors as part of their infrastructure."
120121 "misp-attribute" : " text"
121122 "multiple" : true ,
122123 "ui-priority" : 0 ,
123- "values_list" : [
124+ "values_list" : [
124125 " OneDrive"
125126 " Google Drive"
126127 " Dropbox"
127128 " Microsoft"
128- " Google"
129- " DuckDNS"
130- " Cloudflare"
131- " AWS"
129+ " Google"
130+ " DuckDNS"
131+ " Cloudflare"
132+ " AWS"
132133 ]
133134 },
134- "asn" :{
135- "description" : " ASN where the content is hosted"
136- "misp-attribute" : " as"
137- "ui-priority" :0
135+ "subdomain" : {
136+ "description" : " Subdomain"
137+ "disable_correlation" : true ,
138+ "misp-attribute" : " text"
139+ "ui-priority" : 0
140+ },
141+ "text" : {
142+ "description" : " Full whois entry"
143+ "disable_correlation" : true ,
144+ "misp-attribute" : " text"
145+ "ui-priority" : 1
146+ },
147+ "threat-actor-infrastructure-pattern" : {
148+ "description" : " Patterns found on threat actor infrastructure that can correlate with other analysis."
149+ "misp-attribute" : " text"
150+ "multiple" : true ,
151+ "ui-priority" : 0
152+ },
153+ "threat-actor-infrastructure-value" : {
154+ "description" : " Unique valeu found on threat actor infrastructure identified through an investigation."
155+ "misp-attribute" : " text"
156+ "multiple" : true ,
157+ "ui-priority" : 0
158+ },
159+ "tld" : {
160+ "description" : " Top-Level Domain"
161+ "disable_correlation" : true ,
162+ "misp-attribute" : " text"
163+ "ui-priority" : 0
138164 },
139165 "url" : {
140166 "description" : " Full URL"
141167 "misp-attribute" : " url"
142168 "ui-priority" : 1
143169 },
170+ "whois-creation-date" : {
171+ "description" : " Initial creation of the whois entry"
172+ "disable_correlation" : true ,
173+ "misp-attribute" : " datetime"
174+ "ui-priority" : 0
175+ },
176+ "whois-expiration-date" : {
177+ "description" : " Expiration of the whois entry"
178+ "disable_correlation" : true ,
179+ "misp-attribute" : " datetime"
180+ "ui-priority" : 0
181+ },
144182 "whois-registrant-email" : {
145183 "description" : " Registrant email address"
146184 "misp-attribute" : " whois-registrant-email"
165203 "description" : " Registrar of the whois entry"
166204 "misp-attribute" : " whois-registrar"
167205 "ui-priority" : 0
168- },
169- "whois-creation-date" : {
170- "description" : " Initial creation of the whois entry"
171- "disable_correlation" : true ,
172- "misp-attribute" : " datetime"
173- "ui-priority" : 0
174- },
175- "whois-expiration-date" : {
176- "description" : " Expiration of the whois entry"
177- "disable_correlation" : true ,
178- "misp-attribute" : " datetime"
179- "ui-priority" : 0
180- },
181- "text" : {
182- "description" : " Full whois entry"
183- "disable_correlation" : true ,
184- "misp-attribute" : " text"
185- "ui-priority" : 1
186- },
187- "evidences" : {
188- "categories" : [
189- " External analysis"
190- ],
191- "description" : " Screenshot of the network resources."
192- "disable_correlation" : true ,
193- "misp-attribute" : " attachment"
194- "multiple" : true ,
195- "ui-priority" : 1
196- },
197- "certificate-creation-date" : {
198- "description" : " Certificate date it was created"
199- "misp-attribute" : " datetime"
200- "ui-priority" : 0
201- },
202- "certificate-expiry-date" : {
203- "description" : " Certificate date it will expire"
204- "misp-attribute" : " datetime"
205- "ui-priority" : 0
206206 }
207- },
207+ },
208208 "description" : " Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls."
209209 "meta-category" : " network"
210210 "name" : " network-profile"
211211 "requiredOneOf" : [
212212 " domain"
213213 " ip-address"
214- " url"
214+ " url"
215215 ],
216216 "uuid" : " f0f9e287-8067-49a4-b0f8-7a0fed8d4e43"
217- "version" : 4
218- }
217+ "version" : 5
218+ }
0 commit comments