Categories and Types

Last modified: Tue Dec 31 2024 12:02:43 GMT+0100 (Central European Standard Time)

Attribute Categories vs. Types

Category | Antivirus detection | Artifacts dropped | Attribution | External analysis | Financial fraud | Internal reference
AS X
aba-rtn X
anonymised X X X X X X
attachment X X X
authentihash X
azure-application-id
bank-account-nr X
bic X
bin X
boolean
bro X
btc X
campaign-id X
campaign-name X
cc-number X
cdhash X
chrome-extension-id
comment X X X X X X
community-id X
cookie X
cortex X
counter
country-of-residence
cpe X
dash X
date-of-birth
datetime
dkim
dkim-signature
dns-soa-email X
dom-hash X
domain X
domain|ip X
email X
email-attachment
email-body
email-dst
email-dst-display-name
email-header
email-message-id
email-mime-boundary
email-reply-to
email-src
email-src-display-name
email-subject
email-thread-index
email-x-mailer
eppn
favicon-mmh3
filename X X
filename-pattern X X
filename|authentihash X
filename|impfuzzy X
filename|imphash X
filename|md5 X X
filename|pehash X
filename|sha1 X X
filename|sha224 X
filename|sha256 X X
filename|sha3-224 X X
filename|sha3-256 X X
filename|sha3-384 X X
filename|sha3-512 X X
filename|sha384 X
filename|sha512 X
filename|sha512/224 X
filename|sha512/256 X
filename|ssdeep X
filename|tlsh X
filename|vhash X
first-name
float
frequent-flyer-number
full-name
gender
gene X
git-commit-id X
github-organisation
github-repository X
github-username
hassh-md5 X
hasshserver-md5 X
hex X X X X
hostname X
hostname|port
http-method
iban X
identity-card-number
impfuzzy X
imphash X
integer
ip-dst X
ip-dst|port X
ip-src X
ip-src|port X
issue-date-of-the-visa
ja3-fingerprint-md5 X
jabber-id
jarm-fingerprint X
kusto-query X
last-name
link X X X
mac-address X
mac-eui-64 X
malware-sample X X
malware-type
md5 X X
middle-name
mime-type X
mobile-application-id
mutex X
named pipe X
nationality
onion-address X
other X X X X X X
passenger-name-record-locator-number
passport-country
passport-expiration
passport-number
pattern-in-file X X
pattern-in-memory X X
pattern-in-traffic X
payment-details
pdb X
pehash
pgp-private-key X
pgp-public-key X
phone-number X
place-of-birth
place-port-of-clearance
place-port-of-onward-foreign-destination
place-port-of-original-embarkation
port
primary-residence
process-state X
prtn X
redress-number
regkey X X
regkey|value X X
sha1 X X
sha224 X
sha256 X X
sha3-224 X X
sha3-256 X X
sha3-384 X X
sha3-512 X X
sha384 X
sha512 X
sha512/224 X
sha512/256 X
sigma X
size-in-bytes
snort X
special-service-request
ssdeep X
ssh-fingerprint
stix2-pattern X
target-email
target-external
target-location
target-machine
target-org
target-user
telfhash X
text X X X X X X
threat-actor X
tlsh
travel-details
twitter-id
uri
url X
user-agent X
vhash X
visa-number
vulnerability X
weakness X
whois-creation-date X
whois-registrant-email X
whois-registrant-name X
whois-registrant-org X
whois-registrant-phone X
whois-registrar X
windows-scheduled-task X
windows-service-displayname X
windows-service-name X
x509-fingerprint-md5 X X X
x509-fingerprint-sha1 X X X
x509-fingerprint-sha256 X X X
xmr X
yara X
zeek X
Category | Network activity | Other | Payload delivery | Payload installation | Payload type | Persistence mechanism
AS X X
aba-rtn
anonymised X X X X X X
attachment X X X
authentihash X X
azure-application-id X X
bank-account-nr
bic
bin
boolean X
bro X
btc
campaign-id
campaign-name
cc-number
cdhash X X
chrome-extension-id X X
comment X X X X X X
community-id X
cookie X
cortex
counter X
country-of-residence
cpe X X X
dash
date-of-birth
datetime X
dkim X
dkim-signature X
dns-soa-email
dom-hash X
domain X X
domain|ip X
email X X
email-attachment X
email-body X
email-dst X X
email-dst-display-name X
email-header X
email-message-id X
email-mime-boundary X
email-reply-to X
email-src X X
email-src-display-name X
email-subject X X
email-thread-index X
email-x-mailer X
eppn X
favicon-mmh3 X
filename X X X
filename-pattern X X X
filename|authentihash X X
filename|impfuzzy X X
filename|imphash X X
filename|md5 X X
filename|pehash X X
filename|sha1 X X
filename|sha224 X X
filename|sha256 X X
filename|sha3-224 X X
filename|sha3-256 X X
filename|sha3-384 X X
filename|sha3-512 X X
filename|sha384 X X
filename|sha512 X X
filename|sha512/224 X X
filename|sha512/256 X X
filename|ssdeep X X
filename|tlsh X X
filename|vhash X X
first-name
float X
frequent-flyer-number
full-name
gender
gene
git-commit-id
github-organisation
github-repository
github-username
hassh-md5 X X
hasshserver-md5 X X
hex X X X X X
hostname X X
hostname|port X X
http-method X
iban
identity-card-number
impfuzzy X X
imphash X X
integer X
ip-dst X X
ip-dst|port X X
ip-src X X
ip-src|port X X
issue-date-of-the-visa
ja3-fingerprint-md5 X X
jabber-id
jarm-fingerprint X X
kusto-query
last-name
link X
mac-address X X
mac-eui-64 X X
malware-sample X X
malware-type X X
md5 X X
middle-name
mime-type X X
mobile-application-id X X
mutex
named pipe
nationality
onion-address X X
other X X X X X X
passenger-name-record-locator-number
passport-country
passport-expiration
passport-number
pattern-in-file X X X
pattern-in-memory X
pattern-in-traffic X X X
payment-details
pdb
pehash X X
pgp-private-key X
pgp-public-key X
phone-number X
place-of-birth
place-port-of-clearance
place-port-of-onward-foreign-destination
place-port-of-original-embarkation
port X X
primary-residence
process-state
prtn
redress-number
regkey X
regkey|value X
sha1 X X
sha224 X X
sha256 X X
sha3-224 X X
sha3-256 X X
sha3-384 X X
sha3-512 X X
sha384 X X
sha512 X X
sha512/224 X X
sha512/256 X X
sigma X X
size-in-bytes X
snort X
special-service-request
ssdeep X X
ssh-fingerprint X
stix2-pattern X X X
target-email
target-external
target-location
target-machine
target-org
target-user
telfhash X X
text X X X X X X
threat-actor
tlsh X X
travel-details
twitter-id
uri X
url X X
user-agent X X
vhash X X
visa-number
vulnerability X X
weakness X X
whois-creation-date
whois-registrant-email X
whois-registrant-name
whois-registrant-org
whois-registrant-phone
whois-registrar
windows-scheduled-task
windows-service-displayname
windows-service-name
x509-fingerprint-md5 X X X
x509-fingerprint-sha1 X X X
x509-fingerprint-sha256 X X X
xmr
yara X X
zeek X
Category | Person | Social network | Support Tool | Targeting data
AS
aba-rtn
anonymised X X X X
attachment X
authentihash
azure-application-id
bank-account-nr
bic
bin
boolean
bro
btc
campaign-id
campaign-name
cc-number
cdhash
chrome-extension-id
comment X X X X
community-id
cookie
cortex
counter
country-of-residence X
cpe
dash
date-of-birth X
datetime
dkim
dkim-signature
dns-soa-email
dom-hash
domain
domain|ip
email X X
email-attachment
email-body
email-dst X
email-dst-display-name
email-header
email-message-id
email-mime-boundary
email-reply-to
email-src X
email-src-display-name
email-subject
email-thread-index
email-x-mailer
eppn X
favicon-mmh3
filename
filename-pattern
filename|authentihash
filename|impfuzzy
filename|imphash
filename|md5
filename|pehash
filename|sha1
filename|sha224
filename|sha256
filename|sha3-224
filename|sha3-256
filename|sha3-384
filename|sha3-512
filename|sha384
filename|sha512
filename|sha512/224
filename|sha512/256
filename|ssdeep
filename|tlsh
filename|vhash
first-name X
float
frequent-flyer-number X
full-name X
gender X
gene
git-commit-id
github-organisation X
github-repository X
github-username X
hassh-md5
hasshserver-md5
hex X
hostname
hostname|port
http-method
iban
identity-card-number X
impfuzzy
imphash
integer
ip-dst
ip-dst|port
ip-src
ip-src|port
issue-date-of-the-visa X
ja3-fingerprint-md5
jabber-id X
jarm-fingerprint
kusto-query
last-name X
link X
mac-address
mac-eui-64
malware-sample
malware-type
md5
middle-name X
mime-type
mobile-application-id
mutex
named pipe
nationality X
onion-address
other X X X
passenger-name-record-locator-number X
passport-country X
passport-expiration X
passport-number X
pattern-in-file
pattern-in-memory
pattern-in-traffic
payment-details X
pdb
pehash
pgp-private-key X X
pgp-public-key X X
phone-number X
place-of-birth X
place-port-of-clearance X
place-port-of-onward-foreign-destination X
place-port-of-original-embarkation X
port
primary-residence X
process-state
prtn
redress-number X
regkey
regkey|value
sha1
sha224
sha256
sha3-224
sha3-256
sha3-384
sha3-512
sha384
sha512
sha512/224
sha512/256
sigma
size-in-bytes
snort
special-service-request X
ssdeep
ssh-fingerprint
stix2-pattern
target-email X
target-external X
target-location X
target-machine X
target-org X
target-user X
telfhash
text X X X
threat-actor
tlsh
travel-details X
twitter-id X
uri
url
user-agent
vhash
visa-number X
vulnerability
weakness
whois-creation-date
whois-registrant-email X
whois-registrant-name
whois-registrant-org
whois-registrant-phone
whois-registrar
windows-scheduled-task
windows-service-displayname
windows-service-name
x509-fingerprint-md5
x509-fingerprint-sha1
x509-fingerprint-sha256
xmr
yara
zeek

Categories

Types