Toggle navigation
case-0.5.0-docs
Entities A-Z
Classes
Properties
Shapes
Statistics
Classes (428)
action:Action
action:ActionArgumentFacet
action:ActionEstimationFacet
action:ActionFrequencyFacet
action:ActionLifecycle
action:ActionPattern
action:ActionReferencesFacet
action:ArrayOfAction
core:Annotation
core:Assertion
core:AttributedName
core:Bundle
core:Compilation
core:ConfidenceFacet
core:ContextualCompilation
core:ControlledVocabulary
core:EnclosingCompilation
core:ExternalReference
core:Facet
core:Grouping
core:IdentityAbstraction
core:Item
core:MarkingDefinitionAbstraction
core:ModusOperandi
core:Relationship
core:UcoObject
identity:AddressFacet
identity:AffiliationFacet
identity:BirthInformationFacet
identity:CountryOfResidenceFacet
identity:EventsFacet
identity:IdentifierFacet
identity:Identity
identity:IdentityFacet
identity:LanguagesFacet
identity:NationalityFacet
identity:OccupationFacet
identity:Organization
identity:OrganizationDetailsFacet
identity:Person
identity:PersonalDetailsFacet
identity:PhysicalInfoFacet
identity:QualificationFacet
identity:RelatedIdentityFacet
identity:SimpleNameFacet
identity:VisaFacet
investigation:Attorney
investigation:Authorization
investigation:Examiner
investigation:ExaminerActionLifecylce
investigation:Investigation
investigation:InvestigativeAction
investigation:Investigator
investigation:ProvenanceRecord
investigation:Subject
investigation:SubjectActionLifecycle
investigation:VictimActionLifecycle
location:GPSCoordinatesFacet
location:LatLongCoordinatesFacet
location:Location
location:SimpleAddressFacet
marking:GranularMarking
marking:LicenseMarking
marking:MarkingDefinition
marking:MarkingModel
marking:ReleaseToMarking
marking:StatementMarking
marking:TermsOfUseMarking
observable:API
observable:ARPCache
observable:ARPCacheEntry
observable:Account
observable:AccountAuthenticationFacet
observable:AccountFacet
observable:Address
observable:AlternateDataStream
observable:Appliance
observable:Application
observable:ApplicationAccount
observable:ApplicationAccountFacet
observable:ApplicationFacet
observable:ArchiveFile
observable:ArchiveFileFacet
observable:AttachmentFacet
observable:Audio
observable:AudioFacet
observable:AutonomousSystem
observable:AutonomousSystemFacet
observable:BlockDeviceNode
observable:BluetoothAddress
observable:BluetoothAddressFacet
observable:BotConfiguration
observable:BrowserBookmark
observable:BrowserBookmarkFacet
observable:BrowserCookie
observable:BrowserCookieFacet
observable:Calendar
observable:CalendarEntry
observable:CalendarEntryFacet
observable:CalendarFacet
observable:CharacterDeviceNode
observable:Code
observable:CompressedStreamFacet
observable:ComputerSpecification
observable:ComputerSpecificationFacet
observable:Contact
observable:ContactAddress
observable:ContactAffiliation
observable:ContactEmail
observable:ContactFacet
observable:ContactList
observable:ContactListFacet
observable:ContactMessaging
observable:ContactPhone
observable:ContactProfile
observable:ContactSIP
observable:ContactURL
observable:ContentData
observable:ContentDataFacet
observable:CookieHistory
observable:Credential
observable:CredentialDump
observable:DNSCache
observable:DNSRecord
observable:DataRangeFacet
observable:DefinedEffectFacet
observable:Device
observable:DeviceFacet
observable:DigitalAccount
observable:DigitalAccountFacet
observable:DigitalAddress
observable:DigitalAddressFacet
observable:DigitalSignatureInfo
observable:DigitalSignatureInfoFacet
observable:Directory
observable:Disk
observable:DiskFacet
observable:DiskPartition
observable:DiskPartitionFacet
observable:DomainName
observable:DomainNameFacet
observable:EXIFFacet
observable:EmailAccount
observable:EmailAccountFacet
observable:EmailAddress
observable:EmailAddressFacet
observable:EmailMessage
observable:EmailMessageFacet
observable:EncodedStreamFacet
observable:EncryptedStreamFacet
observable:EnvironmentVariable
observable:Event
observable:EventFacet
observable:EventLog
observable:ExtInodeFacet
observable:ExtractedString
observable:ExtractedStringsFacet
observable:File
observable:FileFacet
observable:FilePermissionsFacet
observable:FileSystem
observable:FileSystemFacet
observable:FileSystemObject
observable:ForumPost
observable:ForumPrivateMessage
observable:FragmentFacet
observable:GUI
observable:GenericObservableObject
observable:GeoLocationEntry
observable:GeoLocationEntryFacet
observable:GeoLocationLog
observable:GeoLocationLogFacet
observable:GeoLocationTrack
observable:GeoLocationTrackFacet
observable:GlobalFlagType
observable:HTTPConnection
observable:HTTPConnectionFacet
observable:Hostname
observable:ICMPConnection
observable:ICMPConnectionFacet
observable:IComHandlerActionType
observable:IExecActionType
observable:IPAddress
observable:IPAddressFacet
observable:IPNetmask
observable:IPv4Address
observable:IPv4AddressFacet
observable:IPv6Address
observable:IPv6AddressFacet
observable:IShowMessageActionType
observable:Image
observable:ImageFacet
observable:InstantMessagingAddress
observable:InstantMessagingAddressFacet
observable:Junction
observable:Library
observable:LibraryFacet
observable:MACAddress
observable:MACAddressFacet
observable:Memory
observable:MemoryFacet
observable:Message
observable:MessageFacet
observable:MessageThread
observable:MessageThreadFacet
observable:MftRecordFacet
observable:MimePartType
observable:MobileAccount
observable:MobileAccountFacet
observable:MobileDevice
observable:MobileDeviceFacet
observable:Mutex
observable:MutexFacet
observable:NTFSFile
observable:NTFSFileFacet
observable:NTFSFilePermissionsFacet
observable:NamedPipe
observable:NetworkAppliance
observable:NetworkConnection
observable:NetworkConnectionFacet
observable:NetworkFlow
observable:NetworkFlowFacet
observable:NetworkInterface
observable:NetworkInterfaceFacet
observable:NetworkProtocol
observable:NetworkRoute
observable:NetworkSubnet
observable:Note
observable:NoteFacet
observable:Observable
observable:ObservableAction
observable:ObservableObject
observable:ObservablePattern
observable:ObservableRelationship
observable:Observation
observable:OnlineService
observable:OnlineServiceFacet
observable:OperatingSystem
observable:OperatingSystemFacet
observable:PDFFile
observable:PDFFileFacet
observable:PathRelationFacet
observable:PaymentCard
observable:PhoneAccount
observable:PhoneAccountFacet
observable:PhoneCall
observable:PhoneCallFacet
observable:Pipe
observable:Post
observable:Process
observable:ProcessFacet
observable:Profile
observable:ProfileFacet
observable:PropertiesEnumeratedEffectFacet
observable:PropertyReadEffectFacet
observable:RasterPicture
observable:RasterPictureFacet
observable:ReparsePoint
observable:SIMCard
observable:SIMCardFacet
observable:SIPAddress
observable:SIPAddressFacet
observable:SMSMessage
observable:SMSMessageFacet
observable:SQLiteBlob
observable:SQLiteBlobFacet
observable:SecurityAppliance
observable:Semaphore
observable:SendControlCodeEffectFacet
observable:ShopListing
observable:Snapshot
observable:Socket
observable:SocketAddress
observable:Software
observable:SoftwareFacet
observable:StateChangeEffectFacet
observable:SymbolicLink
observable:SymbolicLinkFacet
observable:TCPConnection
observable:TCPConnectionFacet
observable:TaskActionType
observable:Thread
observable:TriggerType
observable:Tweet
observable:TwitterProfileFacet
observable:UNIXAccount
observable:UNIXAccountFacet
observable:UNIXFile
observable:UNIXFilePermissionsFacet
observable:UNIXProcess
observable:UNIXProcessFacet
observable:UNIXVolumeFacet
observable:URL
observable:URLFacet
observable:URLHistory
observable:URLHistoryEntry
observable:URLHistoryFacet
observable:URLVisit
observable:URLVisitFacet
observable:UserAccount
observable:UserAccountFacet
observable:UserSession
observable:UserSessionFacet
observable:ValuesEnumeratedEffectFacet
observable:Volume
observable:VolumeFacet
observable:WebPage
observable:WhoIs
observable:WhoIsFacet
observable:WhoisContactFacet
observable:WhoisRegistrarInfoType
observable:WifiAddress
observable:WifiAddressFacet
observable:Wiki
observable:WikiArticle
observable:WindowsAccount
observable:WindowsAccountFacet
observable:WindowsActiveDirectoryAccount
observable:WindowsActiveDirectoryAccountFacet
observable:WindowsComputerSpecification
observable:WindowsComputerSpecificationFacet
observable:WindowsCriticalSection
observable:WindowsEvent
observable:WindowsFilemapping
observable:WindowsHandle
observable:WindowsHook
observable:WindowsMailslot
observable:WindowsNetworkShare
observable:WindowsPEBinaryFile
observable:WindowsPEBinaryFileFacet
observable:WindowsPEFileHeader
observable:WindowsPEOptionalHeader
observable:WindowsPESection
observable:WindowsPrefetch
observable:WindowsPrefetchFacet
observable:WindowsProcess
observable:WindowsProcessFacet
observable:WindowsRegistryHive
observable:WindowsRegistryHiveFacet
observable:WindowsRegistryKey
observable:WindowsRegistryKeyFacet
observable:WindowsRegistryValue
observable:WindowsService
observable:WindowsServiceFacet
observable:WindowsSystemRestore
observable:WindowsTask
observable:WindowsTaskFacet
observable:WindowsThread
observable:WindowsThreadFacet
observable:WindowsVolumeFacet
observable:WindowsWaitableTime
observable:WirelessNetworkConnection
observable:WirelessNetworkConnectionFacet
observable:X509Certificate
observable:X509CertificateFacet
observable:X509V3Certificate
observable:X509V3ExtensionsFacet
pattern:LogicalPattern
pattern:Pattern
pattern:PatternExpression
role:BenevolentRole
role:MaliciousRole
role:NeutralRole
role:Role
tool:AnalyticTool
tool:BuildConfigurationType
tool:BuildFacet
tool:BuildInformationType
tool:BuildUtilityType
tool:CompilerType
tool:ConfigurationSettingType
tool:DefensiveTool
tool:DependencyType
tool:LibraryType
tool:MaliciousTool
tool:Tool
tool:ToolConfigurationTypeFacet
types:ControlledDictionary
types:ControlledDictionaryEntry
types:Dictionary
types:DictionaryEntry
types:Hash
types:Identifier
victim:Victim
victim:VictimTargeting
vocab:InvestigationFormVocab
vocabulary1:AccountTypeVocab
vocabulary1:ActionArgumentNameVocab
vocabulary1:ActionNameVocab
vocabulary1:ActionRelationshipTypeVocab
vocabulary1:ActionStatusTypeVocab
vocabulary1:ActionTypeVocab
vocabulary1:BitnessVocab
vocabulary1:CharacterEncodingVocab
vocabulary1:ContactAddressScopeVocab
vocabulary1:ContactEmailScopeVocab
vocabulary1:ContactPhoneScopeVocab
vocabulary1:ContactSIPScopeVocab
vocabulary1:ContactURLScopeVocab
vocabulary1:DiskTypeVocab
vocabulary1:EndiannessTypeVocab
vocabulary1:HashNameVocab
vocabulary1:LibraryTypeVocab
vocabulary1:MemoryBlockTypeVocab
vocabulary1:ObservableObjectRelationshipVocab
vocabulary1:ObservableObjectStateVocab
vocabulary1:PartitionTypeVocab
vocabulary1:ProcessorArchVocab
vocabulary1:RegionalRegistryTypeVocab
vocabulary1:RegistryDatatypeVocab
vocabulary1:SIMFormVocab
vocabulary1:SIMTypeVocab
vocabulary1:TaskActionTypeVocab
vocabulary1:TaskFlagVocab
vocabulary1:TaskPriorityVocab
vocabulary1:TaskStatusVocab
vocabulary1:ThreadRunningStatusVocab
vocabulary1:TimestampPrecisionVocab
vocabulary1:TrendVocab
vocabulary1:TriggerFrequencyVocab
vocabulary1:TriggerTypeVocab
vocabulary1:URLTransitionTypeVocab
vocabulary1:UnixProcessStateVocab
vocabulary1:WhoisContactTypeVocab
vocabulary1:WhoisDNSSECTypeVocab
vocabulary1:WhoisStatusTypeVocab
vocabulary1:WindowsDriveTypeVocab
vocabulary1:WindowsVolumeAttributeVocab
Properties (709)
action:action
action:actionCount
action:actionStatus
action:argumentName
action:endTime
action:environment
action:error
action:estimatedCost
action:estimatedEfficacy
action:estimatedImpact
action:instrument
action:location
action:object
action:objective
action:participant
action:performer
action:phase
action:rate
action:result
action:scale
action:startTime
action:subaction
action:trend
action:units
action:value
core:confidence
core:constrainingVocabularyName
core:constrainingVocabularyReference
core:context
core:createdBy
core:definingContext
core:description
core:endTime
core:externalIdentifier
core:externalReference
core:hasFacet
core:id
core:isDirectional
core:kindOfRelationship
core:modifiedTime
core:name
core:namingAuthority
core:object
core:objectCreatedTime
core:objectMarking
core:referenceURL
core:source
core:specVersion
core:startTime
core:statement
core:tag
core:target
core:type
core:value
identity:address
identity:birthdate
identity:familyName
identity:givenName
identity:honorificPrefix
identity:honorificSuffix
investigation:authorizationIdentifier
investigation:authorizationType
investigation:exhibitNumber
investigation:focus
investigation:investigationForm
investigation:investigationStatus
investigation:relevantAuthorization
investigation:rootExhibitNumber
investigation:wasDerivedFrom
investigation:wasInformedBy
location:addressType
location:altitude
location:country
location:hdop
location:latitude
location:locality
location:longitude
location:pdop
location:postalCode
location:region
location:street
location:tdop
location:vdop
marking:authorizedIdentities
marking:contentSelectors
marking:definition
marking:definitionType
marking:license
marking:marking
marking:statement
marking:termsOfUse
observable:ESN
observable:ICCID
observable:IMEI
observable:IMSI
observable:MSISDN
observable:MSISDNType
observable:PIN
observable:PUK
observable:SIMForm
observable:SIMType
observable:abbreviation
observable:accessedDirectory
observable:accessedFile
observable:accessedTime
observable:account
observable:accountIdentifier
observable:accountIssuer
observable:accountLogin
observable:accountLogonType
observable:accountRunLevel
observable:accountType
observable:actionID
observable:actionList
observable:actionType
observable:activeDirectoryGroups
observable:adapterName
observable:addressOfEntryPoint
observable:addressValue
observable:allocationStatus
observable:alternateDataStreams
observable:application
observable:applicationFileName
observable:applicationIdentifier
observable:archiveType
observable:arguments
observable:asHandle
observable:aslrEnabled
observable:attendant
observable:audioType
observable:authorityKeyIdentifier
observable:availableRam
observable:baseOfCode
observable:baseStation
observable:basicConstraints
observable:bcc
observable:binary
observable:biosDate
observable:biosManufacturer
observable:biosReleaseDate
observable:biosSerialNumber
observable:biosVersion
observable:bitRate
observable:bitness
observable:bitsPerPixel
observable:blockType
observable:bluetoothDeviceName
observable:body
observable:bodyMultipart
observable:bodyRaw
observable:bookmarkPath
observable:browserInformation
observable:browserUserProfile
observable:byteOrder
observable:byteStringValue
observable:callType
observable:camera
observable:canEscalatePrivs
observable:carrier
observable:categories
observable:cc
observable:certificateIssuer
observable:certificatePolicies
observable:certificateSubject
observable:characteristics
observable:checksum
observable:clockSetting
observable:clusterSize
observable:columnName
observable:comClassID
observable:comData
observable:comment
observable:compressionMethod
observable:compressionRatio
observable:computerName
observable:contact
observable:contactAddress
observable:contactAddressScope
observable:contactAffiliation
observable:contactEmail
observable:contactEmailScope
observable:contactGroup
observable:contactID
observable:contactMessaging
observable:contactMessagingPlatform
observable:contactNote
observable:contactOrganization
observable:contactPhone
observable:contactPhoneNumber
observable:contactPhoneScope
observable:contactProfile
observable:contactProfilePlatform
observable:contactSIP
observable:contactSIPScope
observable:contactURL
observable:contactURLScope
observable:contentDisposition
observable:contentType
observable:context
observable:controlCode
observable:cookieDomain
observable:cookieName
observable:cookiePath
observable:cpeid
observable:cpu
observable:cpuFamily
observable:creationDate
observable:creationFlags
observable:creationTime
observable:creator
observable:creatorUser
observable:crlDistributionPoints
observable:currentSystemDate
observable:currentWorkingDirectory
observable:cyberAction
observable:data
observable:dataPayload
observable:dataPayloadReferenceURL
observable:dataType
observable:depEnabled
observable:descriptions
observable:destination
observable:destinationFlags
observable:destinationPort
observable:deviceType
observable:dhcpLeaseExpires
observable:dhcpLeaseObtained
observable:dhcpServer
observable:diskPartitionType
observable:diskSize
observable:diskType
observable:displayName
observable:dllCharacteristics
observable:dnssec
observable:documentInformationDictionary
observable:domain
observable:domainID
observable:domainName
observable:driveLetter
observable:driveType
observable:dst
observable:dstBytes
observable:dstPackets
observable:dstPayload
observable:duration
observable:effectiveGroup
observable:effectiveGroupID
observable:effectiveUser
observable:emailAddress
observable:encoding
observable:encodingMethod
observable:encryptionIV
observable:encryptionKey
observable:encryptionMethod
observable:encryptionMode
observable:endTime
observable:englishTranslation
observable:entropy
observable:entryID
observable:environmentVariables
observable:eventID
observable:eventStatus
observable:eventText
observable:eventType
observable:execArguments
observable:execProgramHashes
observable:execProgramPath
observable:execWorkingDirectory
observable:exifData
observable:exitCode
observable:exitStatus
observable:exitTime
observable:expirationDate
observable:expirationTime
observable:extDeletionTime
observable:extFileType
observable:extFlags
observable:extHardLinkCount
observable:extInodeChangeTime
observable:extInodeID
observable:extPermissions
observable:extSGID
observable:extSUID
observable:extendedKeyUsage
observable:extension
observable:favoritesCount
observable:fileAlignment
observable:fileHeaderHashes
observable:fileName
observable:filePath
observable:fileSystemType
observable:firstLoginTime
observable:firstName
observable:firstRun
observable:firstVisit
observable:flags
observable:followersCount
observable:format
observable:fragment
observable:fragmentIndex
observable:freeSpace
observable:friendsCount
observable:from
observable:fromURLVisit
observable:fullValue
observable:geoLocationEntry
observable:geolocationAddress
observable:gid
observable:globalFlagList
observable:gpu
observable:gpuFamily
observable:groupName
observable:groups
observable:hasChanged
observable:hash
observable:hashes
observable:headerRaw
observable:hexadecimalValue
observable:hiveType
observable:homeDirectory
observable:host
observable:hostname
observable:httpMesageBodyLength
observable:httpMessageBodyData
observable:httpRequestHeader
observable:iComHandlerAction
observable:iEmailAction
observable:iExecAction
observable:iShowMessageAction
observable:icmpCode
observable:icmpType
observable:imageBase
observable:imageCompressionMethod
observable:imageName
observable:imageType
observable:impHash
observable:inReplyTo
observable:inetLocation
observable:inhibitAnyPolicy
observable:installDate
observable:ip
observable:ipAddress
observable:ipGateway
observable:ipfix
observable:isActive
observable:isDirectory
observable:isDisabled
observable:isEnabled
observable:isEncrypted
observable:isHidden
observable:isInjected
observable:isMapped
observable:isMimeEncoded
observable:isMultipart
observable:isNamed
observable:isOptimized
observable:isPrivate
observable:isPrivileged
observable:isProtected
observable:isRead
observable:isSecure
observable:isSelfSigned
observable:isServiceAccount
observable:isTLD
observable:isVolatile
observable:issuer
observable:issuerAlternativeName
observable:issuerHash
observable:key
observable:keyUsage
observable:keypadUnlockCode
observable:keywordSearchTerm
observable:labels
observable:language
observable:lastLoginTime
observable:lastName
observable:lastRun
observable:lastTimeContacted
observable:lastVisit
observable:length
observable:libraryType
observable:listedCount
observable:loaderFlags
observable:localTime
observable:location
observable:loginTime
observable:logoutTime
observable:lookupDate
observable:macAddress
observable:machine
observable:magic
observable:magicNumber
observable:majorImageVersion
observable:majorLinkerVersion
observable:majorOSVersion
observable:majorSubsystemVersion
observable:manuallyEnteredCount
observable:manufacturer
observable:maxRunTime
observable:message
observable:messageID
observable:messageText
observable:messageType
observable:messagingAddress
observable:metadataChangeTime
observable:mftFileID
observable:mftFileNameAccessedTime
observable:mftFileNameCreatedTime
observable:mftFileNameLength
observable:mftFileNameModifiedTime
observable:mftFileNameRecordChangeTime
observable:mftFlags
observable:mftParentID
observable:mftRecordChangeTime
observable:middleName
observable:mimeClass
observable:mimeType
observable:minorImageVersion
observable:minorLinkerVersion
observable:minorOSVersion
observable:minorSubsystemVersion
observable:mockLocationsAllowed
observable:model
observable:modifiedTime
observable:mostRecentRunTime
observable:mountPoint
observable:msProductID
observable:msProductName
observable:nameConstraints
observable:namePhonetic
observable:namePrefix
observable:nameServer
observable:nameSuffix
observable:netBIOSName
observable:network
observable:networkInterface
observable:newObject
observable:nextRunTime
observable:nickname
observable:ntfsHardLinkCount
observable:ntfsOwnerID
observable:ntfsOwnerSID
observable:number
observable:numberOfLaunches
observable:numberOfRVAAndSizes
observable:numberOfSections
observable:numberOfSubkeys
observable:numberOfSymbols
observable:numberTimesContacted
observable:objectGUID
observable:observableCreatedTime
observable:oldObject
observable:openFileDescriptor
observable:operatingSystem
observable:optionalHeader
observable:options
observable:organizationDepartment
observable:organizationLocation
observable:organizationPosition
observable:otherHeaders
observable:owner
observable:ownerSID
observable:pageTitle
observable:parameterAddress
observable:parameters
observable:parent
observable:participant
observable:partition
observable:partitionID
observable:partitionLength
observable:partitionOffset
observable:password
observable:passwordLastChanged
observable:passwordType
observable:path
observable:pdfId0
observable:pdfId1
observable:peType
observable:phoneActivationTime
observable:phoneNumber
observable:pictureHeight
observable:pictureType
observable:pictureWidth
observable:pid
observable:pointerToSymbolTable
observable:policyConstraints
observable:policyMappings
observable:port
observable:prefetchHash
observable:priority
observable:privateKeyUsagePeriodNotAfter
observable:privateKeyUsagePeriodNotBefore
observable:processorArchitecture
observable:profile
observable:profileAccount
observable:profileBackgroundHash
observable:profileBackgroundLocation
observable:profileBannerHash
observable:profileBannerLocation
observable:profileCreated
observable:profileIdentity
observable:profileImageHash
observable:profileImageLocation
observable:profileIsProtected
observable:profileIsVerified
observable:profileLanguage
observable:profileService
observable:profileWebsite
observable:properties
observable:propertyName
observable:protocols
observable:query
observable:rangeOffset
observable:rangeOffsetType
observable:rangeSize
observable:receivedLines
observable:receivedTime
observable:recurrence
observable:references
observable:referralURL
observable:referrerUrl
observable:regionEndAddress
observable:regionSize
observable:regionStartAddress
observable:regionalInternetRegistry
observable:registeredOrganization
observable:registeredOwner
observable:registrantContactInfo
observable:registrantIDs
observable:registrarGUID
observable:registrarID
observable:registrarInfo
observable:registrarName
observable:registryValues
observable:remarks
observable:remindTime
observable:requestMethod
observable:requestValue
observable:requestVersion
observable:rowCondition
observable:rowIndex
observable:ruid
observable:runningStatus
observable:scheme
observable:sectionAlignment
observable:sections
observable:sectorSize
observable:securityAttributes
observable:sender
observable:sentTime
observable:serialNumber
observable:serverName
observable:serviceName
observable:serviceStatus
observable:serviceType
observable:sessionID
observable:shell
observable:showMessageBody
observable:showMessageTitle
observable:sid
observable:signature
observable:signatureAlgorithm
observable:signatureDescription
observable:signatureExists
observable:signatureVerified
observable:sipAddress
observable:size
observable:sizeInBytes
observable:sizeOfCode
observable:sizeOfHeaders
observable:sizeOfHeapCommit
observable:sizeOfHeapReserve
observable:sizeOfImage
observable:sizeOfInitializedData
observable:sizeOfOptionalHeader
observable:sizeOfStackCommit
observable:sizeOfStackReserve
observable:sizeOfUninitializedData
observable:sourceApplication
observable:sourceFlags
observable:sourcePort
observable:spaceLeft
observable:spaceUsed
observable:sponsoringRegistrar
observable:src
observable:srcBytes
observable:srcPackets
observable:srcPayload
observable:ssid
observable:stackSize
observable:startAddress
observable:startCommandLine
observable:startTime
observable:startType
observable:startupInfo
observable:state
observable:status
observable:statusesCount
observable:storageCapacityInBytes
observable:stringValue
observable:strings
observable:subject
observable:subjectAlternativeName
observable:subjectDirectoryAttributes
observable:subjectHash
observable:subjectKeyIdentifier
observable:subjectPublicKeyAlgorithm
observable:subjectPublicKeyExponent
observable:subjectPublicKeyModulus
observable:subsystem
observable:swid
observable:symbolicName
observable:systemTime
observable:tableName
observable:targetFile
observable:taskComment
observable:taskCreator
observable:text
observable:threadID
observable:thumbprintHash
observable:timeDateStamp
observable:timesExecuted
observable:timezoneDST
observable:timezoneStandard
observable:to
observable:totalFragments
observable:totalRam
observable:totalSpace
observable:triggerBeginTime
observable:triggerDelay
observable:triggerEndTime
observable:triggerFrequency
observable:triggerList
observable:triggerMaxRunTime
observable:triggerSessionChangeType
observable:triggerType
observable:twitterHandle
observable:twitterId
observable:updatedDate
observable:uptime
observable:url
observable:urlHistoryEntry
observable:urlTargeted
observable:urlTransitionType
observable:userLocationString
observable:userName
observable:validityNotAfter
observable:validityNotBefore
observable:value
observable:values
observable:version
observable:visibility
observable:visitCount
observable:visitDuration
observable:visitTime
observable:volume
observable:volumeID
observable:whoisContactType
observable:whoisServer
observable:win32VersionValue
observable:windowTitle
observable:windowsDirectory
observable:windowsSystemDirectory
observable:windowsTempDirectory
observable:windowsVolumeAttributes
observable:workItemData
observable:workingDirectory
observable:x509v3extensions
observable:xMailer
observable:xOriginatingIP
pattern:patternExpression
tool:buildConfiguration
tool:buildID
tool:buildInformation
tool:buildLabel
tool:buildOutputLog
tool:buildProject
tool:buildScript
tool:buildUtility
tool:buildUtilityName
tool:buildVersion
tool:compilationDate
tool:compilerInformalDescription
tool:compilers
tool:configurationSettingDescription
tool:configurationSettings
tool:cpeid
tool:creator
tool:dependencies
tool:dependencyDescription
tool:dependencyType
tool:itemDescription
tool:itemName
tool:itemType
tool:itemValue
tool:libraries
tool:libraryName
tool:libraryVersion
tool:references
tool:servicePack
tool:swid
tool:toolType
tool:usageContextAssumptions
tool:version
types:entry
types:hashMethod
types:hashValue
types:key
types:value
Home
Entities A-Z
Entities A-Z
Classes (428)
action:Action
action:ActionArgumentFacet
action:ActionEstimationFacet
action:ActionFrequencyFacet
action:ActionLifecycle
action:ActionPattern
action:ActionReferencesFacet
action:ArrayOfAction
core:Annotation
core:Assertion
core:AttributedName
core:Bundle
core:Compilation
core:ConfidenceFacet
core:ContextualCompilation
core:ControlledVocabulary
core:EnclosingCompilation
core:ExternalReference
core:Facet
core:Grouping
core:IdentityAbstraction
core:Item
core:MarkingDefinitionAbstraction
core:ModusOperandi
core:Relationship
core:UcoObject
identity:AddressFacet
identity:AffiliationFacet
identity:BirthInformationFacet
identity:CountryOfResidenceFacet
identity:EventsFacet
identity:IdentifierFacet
identity:Identity
identity:IdentityFacet
identity:LanguagesFacet
identity:NationalityFacet
identity:OccupationFacet
identity:Organization
identity:OrganizationDetailsFacet
identity:Person
identity:PersonalDetailsFacet
identity:PhysicalInfoFacet
identity:QualificationFacet
identity:RelatedIdentityFacet
identity:SimpleNameFacet
identity:VisaFacet
investigation:Attorney
investigation:Authorization
investigation:Examiner
investigation:ExaminerActionLifecylce
investigation:Investigation
investigation:InvestigativeAction
investigation:Investigator
investigation:ProvenanceRecord
investigation:Subject
investigation:SubjectActionLifecycle
investigation:VictimActionLifecycle
location:GPSCoordinatesFacet
location:LatLongCoordinatesFacet
location:Location
location:SimpleAddressFacet
marking:GranularMarking
marking:LicenseMarking
marking:MarkingDefinition
marking:MarkingModel
marking:ReleaseToMarking
marking:StatementMarking
marking:TermsOfUseMarking
observable:API
observable:ARPCache
observable:ARPCacheEntry
observable:Account
observable:AccountAuthenticationFacet
observable:AccountFacet
observable:Address
observable:AlternateDataStream
observable:Appliance
observable:Application
observable:ApplicationAccount
observable:ApplicationAccountFacet
observable:ApplicationFacet
observable:ArchiveFile
observable:ArchiveFileFacet
observable:AttachmentFacet
observable:Audio
observable:AudioFacet
observable:AutonomousSystem
observable:AutonomousSystemFacet
observable:BlockDeviceNode
observable:BluetoothAddress
observable:BluetoothAddressFacet
observable:BotConfiguration
observable:BrowserBookmark
observable:BrowserBookmarkFacet
observable:BrowserCookie
observable:BrowserCookieFacet
observable:Calendar
observable:CalendarEntry
observable:CalendarEntryFacet
observable:CalendarFacet
observable:CharacterDeviceNode
observable:Code
observable:CompressedStreamFacet
observable:ComputerSpecification
observable:ComputerSpecificationFacet
observable:Contact
observable:ContactAddress
observable:ContactAffiliation
observable:ContactEmail
observable:ContactFacet
observable:ContactList
observable:ContactListFacet
observable:ContactMessaging
observable:ContactPhone
observable:ContactProfile
observable:ContactSIP
observable:ContactURL
observable:ContentData
observable:ContentDataFacet
observable:CookieHistory
observable:Credential
observable:CredentialDump
observable:DNSCache
observable:DNSRecord
observable:DataRangeFacet
observable:DefinedEffectFacet
observable:Device
observable:DeviceFacet
observable:DigitalAccount
observable:DigitalAccountFacet
observable:DigitalAddress
observable:DigitalAddressFacet
observable:DigitalSignatureInfo
observable:DigitalSignatureInfoFacet
observable:Directory
observable:Disk
observable:DiskFacet
observable:DiskPartition
observable:DiskPartitionFacet
observable:DomainName
observable:DomainNameFacet
observable:EXIFFacet
observable:EmailAccount
observable:EmailAccountFacet
observable:EmailAddress
observable:EmailAddressFacet
observable:EmailMessage
observable:EmailMessageFacet
observable:EncodedStreamFacet
observable:EncryptedStreamFacet
observable:EnvironmentVariable
observable:Event
observable:EventFacet
observable:EventLog
observable:ExtInodeFacet
observable:ExtractedString
observable:ExtractedStringsFacet
observable:File
observable:FileFacet
observable:FilePermissionsFacet
observable:FileSystem
observable:FileSystemFacet
observable:FileSystemObject
observable:ForumPost
observable:ForumPrivateMessage
observable:FragmentFacet
observable:GUI
observable:GenericObservableObject
observable:GeoLocationEntry
observable:GeoLocationEntryFacet
observable:GeoLocationLog
observable:GeoLocationLogFacet
observable:GeoLocationTrack
observable:GeoLocationTrackFacet
observable:GlobalFlagType
observable:HTTPConnection
observable:HTTPConnectionFacet
observable:Hostname
observable:ICMPConnection
observable:ICMPConnectionFacet
observable:IComHandlerActionType
observable:IExecActionType
observable:IPAddress
observable:IPAddressFacet
observable:IPNetmask
observable:IPv4Address
observable:IPv4AddressFacet
observable:IPv6Address
observable:IPv6AddressFacet
observable:IShowMessageActionType
observable:Image
observable:ImageFacet
observable:InstantMessagingAddress
observable:InstantMessagingAddressFacet
observable:Junction
observable:Library
observable:LibraryFacet
observable:MACAddress
observable:MACAddressFacet
observable:Memory
observable:MemoryFacet
observable:Message
observable:MessageFacet
observable:MessageThread
observable:MessageThreadFacet
observable:MftRecordFacet
observable:MimePartType
observable:MobileAccount
observable:MobileAccountFacet
observable:MobileDevice
observable:MobileDeviceFacet
observable:Mutex
observable:MutexFacet
observable:NTFSFile
observable:NTFSFileFacet
observable:NTFSFilePermissionsFacet
observable:NamedPipe
observable:NetworkAppliance
observable:NetworkConnection
observable:NetworkConnectionFacet
observable:NetworkFlow
observable:NetworkFlowFacet
observable:NetworkInterface
observable:NetworkInterfaceFacet
observable:NetworkProtocol
observable:NetworkRoute
observable:NetworkSubnet
observable:Note
observable:NoteFacet
observable:Observable
observable:ObservableAction
observable:ObservableObject
observable:ObservablePattern
observable:ObservableRelationship
observable:Observation
observable:OnlineService
observable:OnlineServiceFacet
observable:OperatingSystem
observable:OperatingSystemFacet
observable:PDFFile
observable:PDFFileFacet
observable:PathRelationFacet
observable:PaymentCard
observable:PhoneAccount
observable:PhoneAccountFacet
observable:PhoneCall
observable:PhoneCallFacet
observable:Pipe
observable:Post
observable:Process
observable:ProcessFacet
observable:Profile
observable:ProfileFacet
observable:PropertiesEnumeratedEffectFacet
observable:PropertyReadEffectFacet
observable:RasterPicture
observable:RasterPictureFacet
observable:ReparsePoint
observable:SIMCard
observable:SIMCardFacet
observable:SIPAddress
observable:SIPAddressFacet
observable:SMSMessage
observable:SMSMessageFacet
observable:SQLiteBlob
observable:SQLiteBlobFacet
observable:SecurityAppliance
observable:Semaphore
observable:SendControlCodeEffectFacet
observable:ShopListing
observable:Snapshot
observable:Socket
observable:SocketAddress
observable:Software
observable:SoftwareFacet
observable:StateChangeEffectFacet
observable:SymbolicLink
observable:SymbolicLinkFacet
observable:TCPConnection
observable:TCPConnectionFacet
observable:TaskActionType
observable:Thread
observable:TriggerType
observable:Tweet
observable:TwitterProfileFacet
observable:UNIXAccount
observable:UNIXAccountFacet
observable:UNIXFile
observable:UNIXFilePermissionsFacet
observable:UNIXProcess
observable:UNIXProcessFacet
observable:UNIXVolumeFacet
observable:URL
observable:URLFacet
observable:URLHistory
observable:URLHistoryEntry
observable:URLHistoryFacet
observable:URLVisit
observable:URLVisitFacet
observable:UserAccount
observable:UserAccountFacet
observable:UserSession
observable:UserSessionFacet
observable:ValuesEnumeratedEffectFacet
observable:Volume
observable:VolumeFacet
observable:WebPage
observable:WhoIs
observable:WhoIsFacet
observable:WhoisContactFacet
observable:WhoisRegistrarInfoType
observable:WifiAddress
observable:WifiAddressFacet
observable:Wiki
observable:WikiArticle
observable:WindowsAccount
observable:WindowsAccountFacet
observable:WindowsActiveDirectoryAccount
observable:WindowsActiveDirectoryAccountFacet
observable:WindowsComputerSpecification
observable:WindowsComputerSpecificationFacet
observable:WindowsCriticalSection
observable:WindowsEvent
observable:WindowsFilemapping
observable:WindowsHandle
observable:WindowsHook
observable:WindowsMailslot
observable:WindowsNetworkShare
observable:WindowsPEBinaryFile
observable:WindowsPEBinaryFileFacet
observable:WindowsPEFileHeader
observable:WindowsPEOptionalHeader
observable:WindowsPESection
observable:WindowsPrefetch
observable:WindowsPrefetchFacet
observable:WindowsProcess
observable:WindowsProcessFacet
observable:WindowsRegistryHive
observable:WindowsRegistryHiveFacet
observable:WindowsRegistryKey
observable:WindowsRegistryKeyFacet
observable:WindowsRegistryValue
observable:WindowsService
observable:WindowsServiceFacet
observable:WindowsSystemRestore
observable:WindowsTask
observable:WindowsTaskFacet
observable:WindowsThread
observable:WindowsThreadFacet
observable:WindowsVolumeFacet
observable:WindowsWaitableTime
observable:WirelessNetworkConnection
observable:WirelessNetworkConnectionFacet
observable:X509Certificate
observable:X509CertificateFacet
observable:X509V3Certificate
observable:X509V3ExtensionsFacet
pattern:LogicalPattern
pattern:Pattern
pattern:PatternExpression
role:BenevolentRole
role:MaliciousRole
role:NeutralRole
role:Role
tool:AnalyticTool
tool:BuildConfigurationType
tool:BuildFacet
tool:BuildInformationType
tool:BuildUtilityType
tool:CompilerType
tool:ConfigurationSettingType
tool:DefensiveTool
tool:DependencyType
tool:LibraryType
tool:MaliciousTool
tool:Tool
tool:ToolConfigurationTypeFacet
types:ControlledDictionary
types:ControlledDictionaryEntry
types:Dictionary
types:DictionaryEntry
types:Hash
types:Identifier
victim:Victim
victim:VictimTargeting
vocab:InvestigationFormVocab
vocabulary1:AccountTypeVocab
vocabulary1:ActionArgumentNameVocab
vocabulary1:ActionNameVocab
vocabulary1:ActionRelationshipTypeVocab
vocabulary1:ActionStatusTypeVocab
vocabulary1:ActionTypeVocab
vocabulary1:BitnessVocab
vocabulary1:CharacterEncodingVocab
vocabulary1:ContactAddressScopeVocab
vocabulary1:ContactEmailScopeVocab
vocabulary1:ContactPhoneScopeVocab
vocabulary1:ContactSIPScopeVocab
vocabulary1:ContactURLScopeVocab
vocabulary1:DiskTypeVocab
vocabulary1:EndiannessTypeVocab
vocabulary1:HashNameVocab
vocabulary1:LibraryTypeVocab
vocabulary1:MemoryBlockTypeVocab
vocabulary1:ObservableObjectRelationshipVocab
vocabulary1:ObservableObjectStateVocab
vocabulary1:PartitionTypeVocab
vocabulary1:ProcessorArchVocab
vocabulary1:RegionalRegistryTypeVocab
vocabulary1:RegistryDatatypeVocab
vocabulary1:SIMFormVocab
vocabulary1:SIMTypeVocab
vocabulary1:TaskActionTypeVocab
vocabulary1:TaskFlagVocab
vocabulary1:TaskPriorityVocab
vocabulary1:TaskStatusVocab
vocabulary1:ThreadRunningStatusVocab
vocabulary1:TimestampPrecisionVocab
vocabulary1:TrendVocab
vocabulary1:TriggerFrequencyVocab
vocabulary1:TriggerTypeVocab
vocabulary1:URLTransitionTypeVocab
vocabulary1:UnixProcessStateVocab
vocabulary1:WhoisContactTypeVocab
vocabulary1:WhoisDNSSECTypeVocab
vocabulary1:WhoisStatusTypeVocab
vocabulary1:WindowsDriveTypeVocab
vocabulary1:WindowsVolumeAttributeVocab
Properties (709)
action:action
action:actionCount
action:actionStatus
action:argumentName
action:endTime
action:environment
action:error
action:estimatedCost
action:estimatedEfficacy
action:estimatedImpact
action:instrument
action:location
action:object
action:objective
action:participant
action:performer
action:phase
action:rate
action:result
action:scale
action:startTime
action:subaction
action:trend
action:units
action:value
core:confidence
core:constrainingVocabularyName
core:constrainingVocabularyReference
core:context
core:createdBy
core:definingContext
core:description
core:endTime
core:externalIdentifier
core:externalReference
core:hasFacet
core:id
core:isDirectional
core:kindOfRelationship
core:modifiedTime
core:name
core:namingAuthority
core:object
core:objectCreatedTime
core:objectMarking
core:referenceURL
core:source
core:specVersion
core:startTime
core:statement
core:tag
core:target
core:type
core:value
identity:address
identity:birthdate
identity:familyName
identity:givenName
identity:honorificPrefix
identity:honorificSuffix
investigation:authorizationIdentifier
investigation:authorizationType
investigation:exhibitNumber
investigation:focus
investigation:investigationForm
investigation:investigationStatus
investigation:relevantAuthorization
investigation:rootExhibitNumber
investigation:wasDerivedFrom
investigation:wasInformedBy
location:addressType
location:altitude
location:country
location:hdop
location:latitude
location:locality
location:longitude
location:pdop
location:postalCode
location:region
location:street
location:tdop
location:vdop
marking:authorizedIdentities
marking:contentSelectors
marking:definition
marking:definitionType
marking:license
marking:marking
marking:statement
marking:termsOfUse
observable:ESN
observable:ICCID
observable:IMEI
observable:IMSI
observable:MSISDN
observable:MSISDNType
observable:PIN
observable:PUK
observable:SIMForm
observable:SIMType
observable:abbreviation
observable:accessedDirectory
observable:accessedFile
observable:accessedTime
observable:account
observable:accountIdentifier
observable:accountIssuer
observable:accountLogin
observable:accountLogonType
observable:accountRunLevel
observable:accountType
observable:actionID
observable:actionList
observable:actionType
observable:activeDirectoryGroups
observable:adapterName
observable:addressOfEntryPoint
observable:addressValue
observable:allocationStatus
observable:alternateDataStreams
observable:application
observable:applicationFileName
observable:applicationIdentifier
observable:archiveType
observable:arguments
observable:asHandle
observable:aslrEnabled
observable:attendant
observable:audioType
observable:authorityKeyIdentifier
observable:availableRam
observable:baseOfCode
observable:baseStation
observable:basicConstraints
observable:bcc
observable:binary
observable:biosDate
observable:biosManufacturer
observable:biosReleaseDate
observable:biosSerialNumber
observable:biosVersion
observable:bitRate
observable:bitness
observable:bitsPerPixel
observable:blockType
observable:bluetoothDeviceName
observable:body
observable:bodyMultipart
observable:bodyRaw
observable:bookmarkPath
observable:browserInformation
observable:browserUserProfile
observable:byteOrder
observable:byteStringValue
observable:callType
observable:camera
observable:canEscalatePrivs
observable:carrier
observable:categories
observable:cc
observable:certificateIssuer
observable:certificatePolicies
observable:certificateSubject
observable:characteristics
observable:checksum
observable:clockSetting
observable:clusterSize
observable:columnName
observable:comClassID
observable:comData
observable:comment
observable:compressionMethod
observable:compressionRatio
observable:computerName
observable:contact
observable:contactAddress
observable:contactAddressScope
observable:contactAffiliation
observable:contactEmail
observable:contactEmailScope
observable:contactGroup
observable:contactID
observable:contactMessaging
observable:contactMessagingPlatform
observable:contactNote
observable:contactOrganization
observable:contactPhone
observable:contactPhoneNumber
observable:contactPhoneScope
observable:contactProfile
observable:contactProfilePlatform
observable:contactSIP
observable:contactSIPScope
observable:contactURL
observable:contactURLScope
observable:contentDisposition
observable:contentType
observable:context
observable:controlCode
observable:cookieDomain
observable:cookieName
observable:cookiePath
observable:cpeid
observable:cpu
observable:cpuFamily
observable:creationDate
observable:creationFlags
observable:creationTime
observable:creator
observable:creatorUser
observable:crlDistributionPoints
observable:currentSystemDate
observable:currentWorkingDirectory
observable:cyberAction
observable:data
observable:dataPayload
observable:dataPayloadReferenceURL
observable:dataType
observable:depEnabled
observable:descriptions
observable:destination
observable:destinationFlags
observable:destinationPort
observable:deviceType
observable:dhcpLeaseExpires
observable:dhcpLeaseObtained
observable:dhcpServer
observable:diskPartitionType
observable:diskSize
observable:diskType
observable:displayName
observable:dllCharacteristics
observable:dnssec
observable:documentInformationDictionary
observable:domain
observable:domainID
observable:domainName
observable:driveLetter
observable:driveType
observable:dst
observable:dstBytes
observable:dstPackets
observable:dstPayload
observable:duration
observable:effectiveGroup
observable:effectiveGroupID
observable:effectiveUser
observable:emailAddress
observable:encoding
observable:encodingMethod
observable:encryptionIV
observable:encryptionKey
observable:encryptionMethod
observable:encryptionMode
observable:endTime
observable:englishTranslation
observable:entropy
observable:entryID
observable:environmentVariables
observable:eventID
observable:eventStatus
observable:eventText
observable:eventType
observable:execArguments
observable:execProgramHashes
observable:execProgramPath
observable:execWorkingDirectory
observable:exifData
observable:exitCode
observable:exitStatus
observable:exitTime
observable:expirationDate
observable:expirationTime
observable:extDeletionTime
observable:extFileType
observable:extFlags
observable:extHardLinkCount
observable:extInodeChangeTime
observable:extInodeID
observable:extPermissions
observable:extSGID
observable:extSUID
observable:extendedKeyUsage
observable:extension
observable:favoritesCount
observable:fileAlignment
observable:fileHeaderHashes
observable:fileName
observable:filePath
observable:fileSystemType
observable:firstLoginTime
observable:firstName
observable:firstRun
observable:firstVisit
observable:flags
observable:followersCount
observable:format
observable:fragment
observable:fragmentIndex
observable:freeSpace
observable:friendsCount
observable:from
observable:fromURLVisit
observable:fullValue
observable:geoLocationEntry
observable:geolocationAddress
observable:gid
observable:globalFlagList
observable:gpu
observable:gpuFamily
observable:groupName
observable:groups
observable:hasChanged
observable:hash
observable:hashes
observable:headerRaw
observable:hexadecimalValue
observable:hiveType
observable:homeDirectory
observable:host
observable:hostname
observable:httpMesageBodyLength
observable:httpMessageBodyData
observable:httpRequestHeader
observable:iComHandlerAction
observable:iEmailAction
observable:iExecAction
observable:iShowMessageAction
observable:icmpCode
observable:icmpType
observable:imageBase
observable:imageCompressionMethod
observable:imageName
observable:imageType
observable:impHash
observable:inReplyTo
observable:inetLocation
observable:inhibitAnyPolicy
observable:installDate
observable:ip
observable:ipAddress
observable:ipGateway
observable:ipfix
observable:isActive
observable:isDirectory
observable:isDisabled
observable:isEnabled
observable:isEncrypted
observable:isHidden
observable:isInjected
observable:isMapped
observable:isMimeEncoded
observable:isMultipart
observable:isNamed
observable:isOptimized
observable:isPrivate
observable:isPrivileged
observable:isProtected
observable:isRead
observable:isSecure
observable:isSelfSigned
observable:isServiceAccount
observable:isTLD
observable:isVolatile
observable:issuer
observable:issuerAlternativeName
observable:issuerHash
observable:key
observable:keyUsage
observable:keypadUnlockCode
observable:keywordSearchTerm
observable:labels
observable:language
observable:lastLoginTime
observable:lastName
observable:lastRun
observable:lastTimeContacted
observable:lastVisit
observable:length
observable:libraryType
observable:listedCount
observable:loaderFlags
observable:localTime
observable:location
observable:loginTime
observable:logoutTime
observable:lookupDate
observable:macAddress
observable:machine
observable:magic
observable:magicNumber
observable:majorImageVersion
observable:majorLinkerVersion
observable:majorOSVersion
observable:majorSubsystemVersion
observable:manuallyEnteredCount
observable:manufacturer
observable:maxRunTime
observable:message
observable:messageID
observable:messageText
observable:messageType
observable:messagingAddress
observable:metadataChangeTime
observable:mftFileID
observable:mftFileNameAccessedTime
observable:mftFileNameCreatedTime
observable:mftFileNameLength
observable:mftFileNameModifiedTime
observable:mftFileNameRecordChangeTime
observable:mftFlags
observable:mftParentID
observable:mftRecordChangeTime
observable:middleName
observable:mimeClass
observable:mimeType
observable:minorImageVersion
observable:minorLinkerVersion
observable:minorOSVersion
observable:minorSubsystemVersion
observable:mockLocationsAllowed
observable:model
observable:modifiedTime
observable:mostRecentRunTime
observable:mountPoint
observable:msProductID
observable:msProductName
observable:nameConstraints
observable:namePhonetic
observable:namePrefix
observable:nameServer
observable:nameSuffix
observable:netBIOSName
observable:network
observable:networkInterface
observable:newObject
observable:nextRunTime
observable:nickname
observable:ntfsHardLinkCount
observable:ntfsOwnerID
observable:ntfsOwnerSID
observable:number
observable:numberOfLaunches
observable:numberOfRVAAndSizes
observable:numberOfSections
observable:numberOfSubkeys
observable:numberOfSymbols
observable:numberTimesContacted
observable:objectGUID
observable:observableCreatedTime
observable:oldObject
observable:openFileDescriptor
observable:operatingSystem
observable:optionalHeader
observable:options
observable:organizationDepartment
observable:organizationLocation
observable:organizationPosition
observable:otherHeaders
observable:owner
observable:ownerSID
observable:pageTitle
observable:parameterAddress
observable:parameters
observable:parent
observable:participant
observable:partition
observable:partitionID
observable:partitionLength
observable:partitionOffset
observable:password
observable:passwordLastChanged
observable:passwordType
observable:path
observable:pdfId0
observable:pdfId1
observable:peType
observable:phoneActivationTime
observable:phoneNumber
observable:pictureHeight
observable:pictureType
observable:pictureWidth
observable:pid
observable:pointerToSymbolTable
observable:policyConstraints
observable:policyMappings
observable:port
observable:prefetchHash
observable:priority
observable:privateKeyUsagePeriodNotAfter
observable:privateKeyUsagePeriodNotBefore
observable:processorArchitecture
observable:profile
observable:profileAccount
observable:profileBackgroundHash
observable:profileBackgroundLocation
observable:profileBannerHash
observable:profileBannerLocation
observable:profileCreated
observable:profileIdentity
observable:profileImageHash
observable:profileImageLocation
observable:profileIsProtected
observable:profileIsVerified
observable:profileLanguage
observable:profileService
observable:profileWebsite
observable:properties
observable:propertyName
observable:protocols
observable:query
observable:rangeOffset
observable:rangeOffsetType
observable:rangeSize
observable:receivedLines
observable:receivedTime
observable:recurrence
observable:references
observable:referralURL
observable:referrerUrl
observable:regionEndAddress
observable:regionSize
observable:regionStartAddress
observable:regionalInternetRegistry
observable:registeredOrganization
observable:registeredOwner
observable:registrantContactInfo
observable:registrantIDs
observable:registrarGUID
observable:registrarID
observable:registrarInfo
observable:registrarName
observable:registryValues
observable:remarks
observable:remindTime
observable:requestMethod
observable:requestValue
observable:requestVersion
observable:rowCondition
observable:rowIndex
observable:ruid
observable:runningStatus
observable:scheme
observable:sectionAlignment
observable:sections
observable:sectorSize
observable:securityAttributes
observable:sender
observable:sentTime
observable:serialNumber
observable:serverName
observable:serviceName
observable:serviceStatus
observable:serviceType
observable:sessionID
observable:shell
observable:showMessageBody
observable:showMessageTitle
observable:sid
observable:signature
observable:signatureAlgorithm
observable:signatureDescription
observable:signatureExists
observable:signatureVerified
observable:sipAddress
observable:size
observable:sizeInBytes
observable:sizeOfCode
observable:sizeOfHeaders
observable:sizeOfHeapCommit
observable:sizeOfHeapReserve
observable:sizeOfImage
observable:sizeOfInitializedData
observable:sizeOfOptionalHeader
observable:sizeOfStackCommit
observable:sizeOfStackReserve
observable:sizeOfUninitializedData
observable:sourceApplication
observable:sourceFlags
observable:sourcePort
observable:spaceLeft
observable:spaceUsed
observable:sponsoringRegistrar
observable:src
observable:srcBytes
observable:srcPackets
observable:srcPayload
observable:ssid
observable:stackSize
observable:startAddress
observable:startCommandLine
observable:startTime
observable:startType
observable:startupInfo
observable:state
observable:status
observable:statusesCount
observable:storageCapacityInBytes
observable:stringValue
observable:strings
observable:subject
observable:subjectAlternativeName
observable:subjectDirectoryAttributes
observable:subjectHash
observable:subjectKeyIdentifier
observable:subjectPublicKeyAlgorithm
observable:subjectPublicKeyExponent
observable:subjectPublicKeyModulus
observable:subsystem
observable:swid
observable:symbolicName
observable:systemTime
observable:tableName
observable:targetFile
observable:taskComment
observable:taskCreator
observable:text
observable:threadID
observable:thumbprintHash
observable:timeDateStamp
observable:timesExecuted
observable:timezoneDST
observable:timezoneStandard
observable:to
observable:totalFragments
observable:totalRam
observable:totalSpace
observable:triggerBeginTime
observable:triggerDelay
observable:triggerEndTime
observable:triggerFrequency
observable:triggerList
observable:triggerMaxRunTime
observable:triggerSessionChangeType
observable:triggerType
observable:twitterHandle
observable:twitterId
observable:updatedDate
observable:uptime
observable:url
observable:urlHistoryEntry
observable:urlTargeted
observable:urlTransitionType
observable:userLocationString
observable:userName
observable:validityNotAfter
observable:validityNotBefore
observable:value
observable:values
observable:version
observable:visibility
observable:visitCount
observable:visitDuration
observable:visitTime
observable:volume
observable:volumeID
observable:whoisContactType
observable:whoisServer
observable:win32VersionValue
observable:windowTitle
observable:windowsDirectory
observable:windowsSystemDirectory
observable:windowsTempDirectory
observable:windowsVolumeAttributes
observable:workItemData
observable:workingDirectory
observable:x509v3extensions
observable:xMailer
observable:xOriginatingIP
pattern:patternExpression
tool:buildConfiguration
tool:buildID
tool:buildInformation
tool:buildLabel
tool:buildOutputLog
tool:buildProject
tool:buildScript
tool:buildUtility
tool:buildUtilityName
tool:buildVersion
tool:compilationDate
tool:compilerInformalDescription
tool:compilers
tool:configurationSettingDescription
tool:configurationSettings
tool:cpeid
tool:creator
tool:dependencies
tool:dependencyDescription
tool:dependencyType
tool:itemDescription
tool:itemName
tool:itemType
tool:itemValue
tool:libraries
tool:libraryName
tool:libraryVersion
tool:references
tool:servicePack
tool:swid
tool:toolType
tool:usageContextAssumptions
tool:version
types:entry
types:hashMethod
types:hashValue
types:key
types:value
Shapes (384)
action:Action
action:ActionArgumentFacet
action:ActionEstimationFacet
action:ActionFrequencyFacet
action:ActionLifecycle
action:ActionPattern
action:ActionReferencesFacet
action:ArrayOfAction
core:Annotation
core:Assertion
core:AttributedName
core:Bundle
core:Compilation
core:ConfidenceFacet
core:ContextualCompilation
core:ControlledVocabulary
core:EnclosingCompilation
core:ExternalReference
core:Facet
core:Grouping
core:IdentityAbstraction
core:Item
core:MarkingDefinitionAbstraction
core:ModusOperandi
core:Relationship
core:UcoObject
identity:AddressFacet
identity:AffiliationFacet
identity:BirthInformationFacet
identity:CountryOfResidenceFacet
identity:EventsFacet
identity:IdentifierFacet
identity:Identity
identity:IdentityFacet
identity:LanguagesFacet
identity:NationalityFacet
identity:OccupationFacet
identity:Organization
identity:OrganizationDetailsFacet
identity:Person
identity:PersonalDetailsFacet
identity:PhysicalInfoFacet
identity:QualificationFacet
identity:RelatedIdentityFacet
identity:SimpleNameFacet
identity:VisaFacet
investigation:Attorney
investigation:Authorization
investigation:Examiner
investigation:ExaminerActionLifecylce
investigation:Investigation
investigation:InvestigativeAction
investigation:Investigator
investigation:ProvenanceRecord
investigation:Subject
investigation:SubjectActionLifecycle
investigation:VictimActionLifecycle
location:GPSCoordinatesFacet
location:LatLongCoordinatesFacet
location:Location
location:SimpleAddressFacet
marking:GranularMarking
marking:LicenseMarking
marking:MarkingDefinition
marking:MarkingModel
marking:ReleaseToMarking
marking:StatementMarking
marking:TermsOfUseMarking
observable:API
observable:ARPCache
observable:ARPCacheEntry
observable:Account
observable:AccountAuthenticationFacet
observable:AccountFacet
observable:Address
observable:AlternateDataStream
observable:Appliance
observable:Application
observable:ApplicationAccount
observable:ApplicationAccountFacet
observable:ApplicationFacet
observable:ArchiveFile
observable:ArchiveFileFacet
observable:AttachmentFacet
observable:Audio
observable:AudioFacet
observable:AutonomousSystem
observable:AutonomousSystemFacet
observable:BlockDeviceNode
observable:BluetoothAddress
observable:BluetoothAddressFacet
observable:BotConfiguration
observable:BrowserBookmark
observable:BrowserBookmarkFacet
observable:BrowserCookie
observable:BrowserCookieFacet
observable:Calendar
observable:CalendarEntry
observable:CalendarEntryFacet
observable:CalendarFacet
observable:CharacterDeviceNode
observable:Code
observable:CompressedStreamFacet
observable:ComputerSpecification
observable:ComputerSpecificationFacet
observable:Contact
observable:ContactAddress
observable:ContactAffiliation
observable:ContactEmail
observable:ContactFacet
observable:ContactList
observable:ContactListFacet
observable:ContactMessaging
observable:ContactPhone
observable:ContactProfile
observable:ContactSIP
observable:ContactURL
observable:ContentData
observable:ContentDataFacet
observable:CookieHistory
observable:Credential
observable:CredentialDump
observable:DNSCache
observable:DNSRecord
observable:DataRangeFacet
observable:DefinedEffectFacet
observable:Device
observable:DeviceFacet
observable:DigitalAccount
observable:DigitalAccountFacet
observable:DigitalAddress
observable:DigitalAddressFacet
observable:DigitalSignatureInfo
observable:DigitalSignatureInfoFacet
observable:Directory
observable:Disk
observable:DiskFacet
observable:DiskPartition
observable:DiskPartitionFacet
observable:DomainName
observable:DomainNameFacet
observable:EXIFFacet
observable:EmailAccount
observable:EmailAccountFacet
observable:EmailAddress
observable:EmailAddressFacet
observable:EmailMessage
observable:EmailMessageFacet
observable:EncodedStreamFacet
observable:EncryptedStreamFacet
observable:EnvironmentVariable
observable:Event
observable:EventFacet
observable:EventLog
observable:ExtInodeFacet
observable:ExtractedString
observable:ExtractedStringsFacet
observable:File
observable:FileFacet
observable:FilePermissionsFacet
observable:FileSystem
observable:FileSystemFacet
observable:FileSystemObject
observable:ForumPost
observable:ForumPrivateMessage
observable:FragmentFacet
observable:GUI
observable:GenericObservableObject
observable:GeoLocationEntry
observable:GeoLocationEntryFacet
observable:GeoLocationLog
observable:GeoLocationLogFacet
observable:GeoLocationTrack
observable:GeoLocationTrackFacet
observable:GlobalFlagType
observable:HTTPConnection
observable:HTTPConnectionFacet
observable:Hostname
observable:ICMPConnection
observable:ICMPConnectionFacet
observable:IComHandlerActionType
observable:IExecActionType
observable:IPAddress
observable:IPAddressFacet
observable:IPNetmask
observable:IPv4Address
observable:IPv4AddressFacet
observable:IPv6Address
observable:IPv6AddressFacet
observable:IShowMessageActionType
observable:Image
observable:ImageFacet
observable:InstantMessagingAddress
observable:InstantMessagingAddressFacet
observable:Junction
observable:Library
observable:LibraryFacet
observable:MACAddress
observable:MACAddressFacet
observable:Memory
observable:MemoryFacet
observable:Message
observable:MessageFacet
observable:MessageThread
observable:MessageThreadFacet
observable:MftRecordFacet
observable:MimePartType
observable:MobileAccount
observable:MobileAccountFacet
observable:MobileDevice
observable:MobileDeviceFacet
observable:Mutex
observable:MutexFacet
observable:NTFSFile
observable:NTFSFileFacet
observable:NTFSFilePermissionsFacet
observable:NamedPipe
observable:NetworkAppliance
observable:NetworkConnection
observable:NetworkConnectionFacet
observable:NetworkFlow
observable:NetworkFlowFacet
observable:NetworkInterface
observable:NetworkInterfaceFacet
observable:NetworkProtocol
observable:NetworkRoute
observable:NetworkSubnet
observable:Note
observable:NoteFacet
observable:Observable
observable:ObservableAction
observable:ObservableObject
observable:ObservablePattern
observable:ObservableRelationship
observable:Observation
observable:OnlineService
observable:OnlineServiceFacet
observable:OperatingSystem
observable:OperatingSystemFacet
observable:PDFFile
observable:PDFFileFacet
observable:PathRelationFacet
observable:PaymentCard
observable:PhoneAccount
observable:PhoneAccountFacet
observable:PhoneCall
observable:PhoneCallFacet
observable:Pipe
observable:Post
observable:Process
observable:ProcessFacet
observable:Profile
observable:ProfileFacet
observable:PropertiesEnumeratedEffectFacet
observable:PropertyReadEffectFacet
observable:RasterPicture
observable:RasterPictureFacet
observable:ReparsePoint
observable:SIMCard
observable:SIMCardFacet
observable:SIPAddress
observable:SIPAddressFacet
observable:SMSMessage
observable:SMSMessageFacet
observable:SQLiteBlob
observable:SQLiteBlobFacet
observable:SecurityAppliance
observable:Semaphore
observable:SendControlCodeEffectFacet
observable:ShopListing
observable:Snapshot
observable:Socket
observable:SocketAddress
observable:Software
observable:SoftwareFacet
observable:StateChangeEffectFacet
observable:SymbolicLink
observable:SymbolicLinkFacet
observable:TCPConnection
observable:TCPConnectionFacet
observable:TaskActionType
observable:Thread
observable:TriggerType
observable:Tweet
observable:TwitterProfileFacet
observable:UNIXAccount
observable:UNIXAccountFacet
observable:UNIXFile
observable:UNIXFilePermissionsFacet
observable:UNIXProcess
observable:UNIXProcessFacet
observable:UNIXVolumeFacet
observable:URL
observable:URLFacet
observable:URLHistory
observable:URLHistoryEntry
observable:URLHistoryFacet
observable:URLVisit
observable:URLVisitFacet
observable:UserAccount
observable:UserAccountFacet
observable:UserSession
observable:UserSessionFacet
observable:ValuesEnumeratedEffectFacet
observable:Volume
observable:VolumeFacet
observable:WebPage
observable:WhoIs
observable:WhoIsFacet
observable:WhoisContactFacet
observable:WhoisRegistrarInfoType
observable:WifiAddress
observable:WifiAddressFacet
observable:Wiki
observable:WikiArticle
observable:WindowsAccount
observable:WindowsAccountFacet
observable:WindowsActiveDirectoryAccount
observable:WindowsActiveDirectoryAccountFacet
observable:WindowsComputerSpecification
observable:WindowsComputerSpecificationFacet
observable:WindowsCriticalSection
observable:WindowsEvent
observable:WindowsFilemapping
observable:WindowsHandle
observable:WindowsHook
observable:WindowsMailslot
observable:WindowsNetworkShare
observable:WindowsPEBinaryFile
observable:WindowsPEBinaryFileFacet
observable:WindowsPEFileHeader
observable:WindowsPEOptionalHeader
observable:WindowsPESection
observable:WindowsPrefetch
observable:WindowsPrefetchFacet
observable:WindowsProcess
observable:WindowsProcessFacet
observable:WindowsRegistryHive
observable:WindowsRegistryHiveFacet
observable:WindowsRegistryKey
observable:WindowsRegistryKeyFacet
observable:WindowsRegistryValue
observable:WindowsService
observable:WindowsServiceFacet
observable:WindowsSystemRestore
observable:WindowsTask
observable:WindowsTaskFacet
observable:WindowsThread
observable:WindowsThreadFacet
observable:WindowsVolumeFacet
observable:WindowsWaitableTime
observable:WirelessNetworkConnection
observable:WirelessNetworkConnectionFacet
observable:X509Certificate
observable:X509CertificateFacet
observable:X509V3Certificate
observable:X509V3ExtensionsFacet
pattern:LogicalPattern
pattern:Pattern
pattern:PatternExpression
role:BenevolentRole
role:MaliciousRole
role:NeutralRole
role:Role
tool:AnalyticTool
tool:BuildConfigurationType
tool:BuildFacet
tool:BuildInformationType
tool:BuildUtilityType
tool:CompilerType
tool:ConfigurationSettingType
tool:DefensiveTool
tool:DependencyType
tool:LibraryType
tool:MaliciousTool
tool:Tool
tool:ToolConfigurationTypeFacet
types:ControlledDictionary
types:ControlledDictionaryEntry
types:Dictionary
types:DictionaryEntry
types:Hash
victim:Victim
victim:VictimTargeting