class Service(Entity):
    """Maltego entity for a network service.

    The graph value is the service description; the banner and the port
    list travel with it as plain string properties.
    """

    _category_ = 'Infrastructure'

    # Value property: the text shown for this entity.
    name = StringEntityField(
        'service.name',
        display_name='Description',
        is_value=True,
    )
    # NOTE(review): banner text presumably originates from the remote host,
    # so whatever renders or parses it should treat it as untrusted -- confirm.
    banner = StringEntityField(
        'banner.text',
        display_name='Service Banner',
    )
    # Declared as a string field even though the property is 'port.number'.
    ports = StringEntityField(
        'port.number',
        display_name='Ports',
    )
class Hash(Observable):
    """Hash observable in the Yeti category with four extra string fields."""

    _category_ = 'Yeti'
    _namespace_ = 'Yetigo'

    # NOTE(review): these three look like per-verdict detection results.
    # They are declared as strings, so any threshold logic downstream has to
    # convert them first -- confirm what the transform actually stores here.
    malicious = StringEntityField(
        'Malicious',
        display_name='Malicious',
    )
    undetected = StringEntityField(
        'Undetected',
        display_name='Undetected',
    )
    suspicious = StringEntityField(
        'Suspicious',
        display_name='Suspicious',
    )
    magic = StringEntityField(
        'Magic',
        display_name='Magic',
    )
class URL(Entity):
    """Maltego entity for a URL, displayed by its short title."""

    _category_ = 'Infrastructure'

    # The short title, not the URL itself, is the graph value.
    short_title = StringEntityField(
        'short-title',
        display_name='Short title',
        is_value=True,
        alias='maltego.v2.value.property',
    )
    url = StringEntityField(
        'url',
        display_name='URL',
        alias='theurl',
    )
    title = StringEntityField(
        'title',
        display_name='Title',
        alias='fulltitle',
    )
class TrackingCode(Entity):
    """Maltego entity for a tracking code, aliased to 'maltego.UniqueIdentifier'."""

    _alias_ = 'maltego.UniqueIdentifier'
    _category_ = 'Infrastructure'

    # Value property: the identifier string itself.
    unique_identifier = StringEntityField(
        'properties.uniqueidentifier',
        display_name='Uniqueidentifier',
        is_value=True,
    )
    identifier_type = StringEntityField(
        'identifierType',
        display_name='Identifier Type',
    )
class Observable(Entity):
    """Base entity for observables in the Yeti category.

    Declares the observable value, its type, tags, context and source.
    No field is marked ``is_value`` here.
    """

    _category_ = 'Yeti'
    _namespace_ = 'Yetigo'

    observable = StringEntityField(
        'Observable',
        display_name='Observable',
    )
    type_obs = StringEntityField(
        'type',
        display_name='type',
    )
    # The only array-typed field of the class.
    tags = ArrayEntityField(
        'Tags',
        display_name='Tags',
    )
    context = StringEntityField(
        'Context',
        display_name='Context',
    )
    source = StringEntityField(
        'Source',
        display_name='Source',
    )
class Twitter(Affiliation):
    """Affiliation entity for a Twitter account, aliased 'AffiliationTwitter'."""

    _alias_ = 'AffiliationTwitter'

    # Integer-typed properties.
    number = IntegerEntityField(
        'twitter.number',
        display_name='Twitter Number',
    )
    friendcount = IntegerEntityField(
        'twitter.friendcount',
        display_name='Friend Count',
    )

    # String-typed properties.
    screenname = StringEntityField(
        'twitter.screen-name',
        display_name='Screen Name',
    )
    fullname = StringEntityField(
        'person.fullname',
        display_name='Real Name',
    )
class MISPEvent(Entity):
    """Maltego entity for a MISP event, displayed by its numeric id.

    NOTE(review): the value property is the numeric ``id`` while ``uuid`` is
    matched loosely, so events that share an id but come from different MISP
    instances would presumably collapse into one graph node -- confirm.
    """

    _category_ = 'MISP'
    _namespace_ = 'misp'

    # Icon is referenced through a file:// URL inside the MISP_maltego package.
    icon_url = 'file://MISP_maltego/resources/images/MISPEvent.png'

    uuid = StringEntityField(
        'uuid',
        display_name='UUID',
        matching_rule=MatchingRule.Loose,
    )
    id = IntegerEntityField(
        'id',
        display_name='id',
        is_value=True,
    )
    # Disabled field, kept for reference:
    # date = DateEntityField('type.date', display_name='Event date')
    info = StringEntityField(
        'info',
        display_name='Event info',
        matching_rule=MatchingRule.Loose,
    )
class IPv4Address(Entity):
    """Maltego IPv4 address entity extended with host and workspace ids.

    Adds two integer identifiers plus two strings describing the tool the
    record came from and its icon.
    """

    _category_ = 'Infrastructure'
    _namespace_ = 'maltego'

    # --- Main properties ---
    host_id = IntegerEntityField(
        'id',
        display_name='Host ID',
    )
    workspace_id = IntegerEntityField(
        'workspace_id',
        display_name='Workspace ID',
    )

    # --- Icon properties ---
    # getOriginTool is supplied elsewhere in the project and passed as the
    # field's decorator callback.
    origin_tool = StringEntityField(
        'origin_tool',
        display_name='Origin Tool',
        decorator=getOriginTool,
    )
    tool_icon = StringEntityField(
        'tool_icon',
        display_name='Tool Icon',
    )
class MISPObject(Entity):
    """Maltego entity for a MISP object, displayed by its name.

    All fields use the default matching rule in this version.
    """

    _category_ = 'MISP'
    _namespace_ = 'misp'

    # Icon is referenced through a file:// URL inside the MISP_maltego package.
    icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'

    uuid = StringEntityField(
        'uuid',
        display_name='UUID',
    )
    # Id of the event the object belongs to.
    event_id = IntegerEntityField(
        'event_id',
        display_name='Event ID',
    )
    # Value property.
    name = StringEntityField(
        'name',
        display_name='Name',
        is_value=True,
    )
    meta_category = StringEntityField(
        'meta_category',
        display_name='Meta Category',
    )
    description = StringEntityField(
        'description',
        display_name='Description',
    )
    comment = StringEntityField(
        'comment',
        display_name='Comment',
    )
class MISPObject(Entity):
    """Maltego entity for a MISP object, displayed by its name.

    The descriptive fields (meta category, description, comment) are matched
    loosely; ``uuid``, ``event_id`` and ``name`` keep the default rule.
    """

    _category_ = 'MISP'
    _namespace_ = 'misp'

    # Icon is referenced through a file:// URL inside the MISP_maltego package.
    icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'

    uuid = StringEntityField(
        'uuid',
        display_name='UUID',
    )
    # LATER remove this once MISP provides objects correctly when requesting
    # only the object. See https://github.com/MISP/MISP/issues/3801
    event_id = IntegerEntityField(
        'event_id',
        display_name='Event ID',
    )
    # Value property.
    name = StringEntityField(
        'name',
        display_name='Name',
        is_value=True,
    )
    meta_category = StringEntityField(
        'meta_category',
        display_name='Meta Category',
        matching_rule=MatchingRule.Loose,
    )
    description = StringEntityField(
        'description',
        display_name='Description',
        matching_rule=MatchingRule.Loose,
    )
    comment = StringEntityField(
        'comment',
        display_name='Comment',
        matching_rule=MatchingRule.Loose,
    )
class Person(Entity):
    """Maltego entity for a person, displayed by full name."""

    _category_ = 'Personal'

    # Value property.
    fullname = StringEntityField(
        'person.fullname',
        display_name='Full Name',
        is_value=True,
    )
    # Name parts; each also carries a short alias.
    lastname = StringEntityField(
        'person.lastname',
        display_name='Surname',
        alias='lastname',
    )
    firstnames = StringEntityField(
        'person.firstnames',
        display_name='First Names',
        alias='firstname',
    )
class Document(Entity):
    """Maltego entity for a document, displayed by its URL."""

    _category_ = 'Personal'

    # Value property: the document's URL.
    url = StringEntityField(
        'url',
        display_name='URL',
        alias='link',
        is_value=True,
    )
    title = StringEntityField(
        'title',
        display_name='Title',
        alias='maltego.v2.value.property',
    )
    # NOTE(review): document metadata is presumably extracted from the fetched
    # file, so consumers should handle it as untrusted text -- confirm.
    metadata = StringEntityField(
        'document.metadata',
        display_name='Meta-Data',
        alias='metainfo',
    )
class Hash(Entity):
    """Maltego entity for a hash in the 'Malware' category.

    Besides the hash value and its type, it carries an owner, a before/after
    date pair and two media-type filter strings.
    """

    _category_ = 'Malware'

    # Value property. The attribute names ``hash`` and ``type`` shadow the
    # builtins inside this class body only.
    hash = StringEntityField(
        'properties.hash',
        display_name='Hash',
        is_value=True,
    )
    type = StringEntityField(
        'type',
        display_name='Hash Type',
    )
    owner = StringEntityField(
        'owner',
        display_name='Owner',
    )

    # Date-typed bounds.
    before = DateEntityField(
        'before',
        display_name='Before',
    )
    after = DateEntityField(
        'after',
        display_name='After',
    )

    # Media-type include/exclude lists, stored as strings.
    included_media_types = StringEntityField(
        'includeMediaType',
        display_name='Included Media Types',
    )
    excluded_media_types = StringEntityField(
        'excludeMediaType',
        display_name='Excluded Media Types',
    )
class Affiliation(Entity):
    """Base Maltego entity for a social-network affiliation.

    Displayed by the person's name; the network, user id and profile URL are
    additional string properties.
    """

    _category_ = 'Social Network'
    _namespace_ = 'maltego.affiliation'

    # Value property.
    person_name = StringEntityField(
        'person.name',
        display_name='Name',
        is_value=True,
    )
    uid = StringEntityField(
        'affiliation.uid',
        display_name='UID',
        alias='uid',
    )
    network = StringEntityField(
        'affiliation.network',
        display_name='Network',
        alias='network',
    )
    profile_url = StringEntityField(
        'affiliation.profile-url',
        display_name='Profile URL',
        alias='profile_url',
    )
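class Netblock(Entity):
    """Maltego entity whose properties mirror a workspace record.

    NOTE(review): the class is named ``Netblock`` but every field describes a
    workspace (name, owner, boundary, timestamps) -- confirm the name is
    intended.

    ``boundary`` and ``limit_to_network`` describe the address scope the
    workspace is restricted to. This class only carries those values; nothing
    here enforces them.

    The long descriptions are written as adjacent string literals. A backslash
    continuation inside the quotes would pull the next line's indentation
    into the description text.
    """

    _category_ = 'Infrastructure'
    _namespace_ = 'maltego'

    # Main properties ---------------------------//
    name = StringEntityField(
        'name',
        display_name='Workspace Name',
        description=(
            'The name of the workspace. This is the unique identifier '
            'for determining which workspace is being accessed.'
        ),
    )
    workspace_id = IntegerEntityField(
        'workspace_id',
        display_name='ID',
        description='The primary key used to identify this object in the database.',
    )
    boundary = StringEntityField(
        'boundary',
        display_name='Boundary',
        description=(
            'Comma separated list of IP ranges (in various formats) '
            'and IP addresses that users of this workspace are allowed to interact '
            'with if limit_to_network is true.'
        ),
    )
    description = StringEntityField(
        'description',
        display_name='Description',
        description='Long description that explains the purpose of this workspace.',
    )
    owner_id = StringEntityField(
        'owner_id',
        display_name='Owner ID',
        description='ID of the user who owns this workspace.',
    )
    limit_to_network = BooleanEntityField(
        'limit_to_network',
        display_name='Limit to Network',
        description=(
            'true to restrict the hosts and services in this workspace '
            'to the IP addresses listed in boundary'
        ),
    )
    # NOTE(review): declared Boolean although the description calls it an
    # identifier of where the workspace was imported from -- confirm the type.
    import_fingerprint = BooleanEntityField(
        'import_fingerprint',
        display_name='Import fingerprint',
        description='Identifier that indicates if and where this workspace was imported from.',
    )
    # Timestamps are kept as strings, not date fields.
    created_at = StringEntityField(
        'created_at',
        display_name='Created at',
    )
    updated_at = StringEntityField(
        'updated_at',
        display_name='Updated at',
    )

    # Icon Properties ---------------------------//
    # getOriginTool is supplied elsewhere in the project and passed as the
    # field's decorator callback.
    origin_tool = StringEntityField(
        'origin_tool',
        display_name='Origin Tool',
        decorator=getOriginTool,
    )
    tool_icon = StringEntityField(
        'tool_icon',
        display_name='Tool Icon',
    )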
class GPS(Entity):
    """Maltego entity for a GPS co-ordinate.

    The combined co-ordinate string is the graph value; latitude and
    longitude are also kept as separate float properties.
    """

    _category_ = 'Locations'

    # Value property.
    gps = StringEntityField(
        'properties.gps',
        display_name='GPS Co-ordinate',
        is_value=True,
    )
    latitude = FloatEntityField(
        'latitude',
        display_name='Latitude',
    )
    longitude = FloatEntityField(
        'longitude',
        display_name='Longitude',
    )
class SourceYeti(Phrase):
    """Phrase entity in the Yeti category that adds a loosely matched link."""

    _category_ = 'Yeti'
    _namespace_ = 'Yetigo'

    # The only field this subclass declares itself.
    link = StringEntityField(
        'link',
        display_name='link',
        matching_rule=MatchingRule.Loose,
    )
class CircularArea(Entity):
    """Maltego entity for a circular area: a centre point plus a radius."""

    _category_ = 'Locations'

    # Value property.
    area_circular = StringEntityField(
        'area.circular',
        display_name='Circular Area',
        is_value=True,
    )

    # Centre of the circle.
    latitude = FloatEntityField(
        'latitude',
        display_name='Latitude',
    )
    longitude = FloatEntityField(
        'longitude',
        display_name='Longitude',
    )

    # Integer radius; the display name gives the unit as metres.
    radius = IntegerEntityField(
        'radius',
        display_name='Radius (m)',
    )
class PhoneNumber(Entity):
    """Maltego entity for a phone number and its component codes."""

    _category_ = 'Personal'

    # Value property: the complete number.
    phonenumber = StringEntityField(
        'phonenumber',
        display_name='Phone Number',
        is_value=True,
    )

    # Component parts; every one is a string with an alias equal to its
    # attribute name.
    areacode = StringEntityField(
        'phonenumber.areacode',
        display_name='Area Code',
        alias='areacode',
    )
    lastnumbers = StringEntityField(
        'phonenumber.lastnumbers',
        display_name='Last Digits',
        alias='lastnumbers',
    )
    citycode = StringEntityField(
        'phonenumber.citycode',
        display_name='City Code',
        alias='citycode',
    )
    countrycode = StringEntityField(
        'phonenumber.countrycode',
        display_name='Country Code',
        alias='countrycode',
    )
class IPv4Address(Entity):
    """Maltego entity for an IPv4 address, aliased 'IPAddress'."""

    _category_ = 'Infrastructure'
    _alias_ = 'IPAddress'

    # Value property: the address as a string.
    ipv4address = StringEntityField(
        'ipv4-address',
        display_name='IP Address',
        is_value=True,
    )
    # Boolean flag stored under 'ipaddress.internal'.
    internal = BooleanEntityField(
        'ipaddress.internal',
        display_name='Internal',
    )
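class Tweet(Entity):
    """Maltego entity for a tweet, displayed by its text.

    Author, content, image link, publication date and title are all stored
    as plain strings.
    """

    # Fixed: the original spelled this ``_category`` (no trailing underscore),
    # unlike every other entity on the page, which sets ``_category_``.
    _category_ = "Social Network"

    # Value property.
    tweet = StringEntityField(
        'twit.name',
        display_name='Tweet',
        is_value=True,
    )
    tweet_id = StringEntityField(
        'id',
        display_name='Tweet ID',
    )
    author = StringEntityField(
        'author',
        display_name='Author',
    )
    author_uri = StringEntityField(
        'author_uri',
        display_name='Author URI',
    )
    content = StringEntityField(
        'content',
        display_name='Content',
    )
    image_link = StringEntityField(
        'imglink',
        display_name='Image Link',
    )
    # Kept as a string, not a date field.
    date_published = StringEntityField(
        'pubdate',
        display_name='Date published',
    )
    title = StringEntityField(
        'title',
        display_name='Title',
    )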
class TestEntity(Entity):
    """Entity that declares one field of each field type.

    Several attribute names (``str``, ``int``, ``float``, ``bool``) shadow
    builtins inside this class body; they are part of the class interface and
    are kept as they are.
    """

    # Scalar types.
    str = StringEntityField('type.str')
    int = IntegerEntityField('type.int')
    float = FloatEntityField('type.float')
    bool = BooleanEntityField('type.bool')

    # Enumeration restricted to the listed choices.
    enum = EnumEntityField(
        'type.enum',
        choices=[2, 1, 0],
    )

    # Temporal types.
    date = DateEntityField('type.date')
    datetime = DateTimeEntityField('type.datetime')
    timespan = TimeSpanEntityField('type.timespan')

    color = ColorEntityField('type.color')
class Twit(Entity):
    """Maltego entity for a single twit (tweet), displayed by its name."""

    _category_ = 'Social Network'

    # Value property.
    name = StringEntityField(
        'twit.name',
        display_name='Twit',
        is_value=True,
    )
    content = StringEntityField(
        'content',
        display_name='Content',
    )
    # Kept as a string, not a date field.
    pubdate = StringEntityField(
        'pubdate',
        display_name='Date published',
    )
    img_link = StringEntityField(
        'img_link',
        display_name='Image Link',
        alias='imglink',
    )
    author = StringEntityField(
        'author',
        display_name='Author',
    )
    title = StringEntityField(
        'title',
        display_name='Title',
    )
    author_uri = StringEntityField(
        'author_uri',
        display_name='Author URI',
    )
    id = StringEntityField(
        'id',
        display_name='Twit ID',
    )
class MISPGalaxy(Entity):
    """Maltego entity for a MISP galaxy cluster, displayed by its name.

    Every field except ``tag_name`` is declared with the loose matching rule.
    """

    _category_ = 'MISP'
    _namespace_ = 'misp'

    uuid = StringEntityField(
        'uuid',
        display_name='UUID',
        matching_rule=MatchingRule.Loose,
    )
    # Value property.
    name = StringEntityField(
        'name',
        display_name='Name',
        is_value=True,
        matching_rule=MatchingRule.Loose,
    )
    description = StringEntityField(
        'description',
        display_name='Description',
        matching_rule=MatchingRule.Loose,
    )
    # Attribute names differ from the property names for these two.
    cluster_type = StringEntityField(
        'galaxy_type',
        display_name='Type',
        matching_rule=MatchingRule.Loose,
    )
    cluster_value = StringEntityField(
        'value',
        display_name='Value',
        matching_rule=MatchingRule.Loose,
    )
    synonyms = StringEntityField(
        'synonyms',
        display_name='Synonyms',
        matching_rule=MatchingRule.Loose,
    )
    # Default matching rule.
    tag_name = StringEntityField(
        'tag_name',
        display_name='Tag',
    )
class MISPEvent(Entity):
    """Maltego entity for a MISP event, displayed by its numeric id.

    Carries the event info text and two counters alongside the id and uuid.

    NOTE(review): the value property is the numeric ``id`` while ``uuid`` is
    matched loosely, so events that share an id but come from different MISP
    instances would presumably collapse into one graph node -- confirm.
    """

    _category_ = 'MISP'
    _namespace_ = 'misp'

    # Icon is referenced through a file:// URL inside the MISP_maltego package.
    icon_url = 'file://MISP_maltego/resources/images/MISPEvent.png'

    uuid = StringEntityField(
        'uuid',
        display_name='UUID',
        matching_rule=MatchingRule.Loose,
    )
    id = IntegerEntityField(
        'id',
        display_name='id',
        is_value=True,
    )
    # Disabled field, kept for reference:
    # date = DateEntityField('type.date', display_name='Event date')
    info = StringEntityField(
        'info',
        display_name='Event info',
        matching_rule=MatchingRule.Loose,
    )
    # Disabled fields, kept for reference:
    # threat_level = EnumEntityField('type.enum', choices=['Undefined', 'Low', 'Medium', 'High'], display_name='Threat Level')
    # analysis = EnumEntityField('type.enum', choices=['Initial', 'Ongoing', 'Completed'])
    # org = StringEntityField('type.str', display_name='Organisation')

    # Counters; the '#' in the display names is part of the string.
    count_attributes = IntegerEntityField(
        'count_attributes',
        display_name="# attributes",
        matching_rule=MatchingRule.Loose,
    )
    count_objects = IntegerEntityField(
        'count_objects',
        display_name="# objects",
        matching_rule=MatchingRule.Loose,
    )
class TwitterUserList(Entity):
    """Maltego entity for a Twitter user list, displayed by its name.

    All properties live under the 'twitter.list.' prefix and are strings,
    including the member and subscriber counts.
    """

    _category_ = "Social Network"

    # Value property.
    name = StringEntityField(
        'twitter.list.name',
        display_name='Name',
        is_value=True,
    )
    full_name = StringEntityField(
        'twitter.list.fullname',
        display_name='Full Name',
    )
    # Trailing underscore keeps the attribute from shadowing the builtin id.
    id_ = StringEntityField(
        'twitter.list.id',
        display_name='ID',
    )
    description = StringEntityField(
        'twitter.list.description',
        display_name='Description',
    )
    # Counts are declared as string fields, not integers.
    member_count = StringEntityField(
        'twitter.list.members',
        display_name='Member Count',
    )
    subscriber_count = StringEntityField(
        'twitter.list.subscribers',
        display_name='Subscriber Count',
    )
    slug = StringEntityField(
        'twitter.list.slug',
        display_name='Slug',
    )
    uri = StringEntityField(
        'twitter.list.uri',
        display_name='URI',
    )
class Location(Entity):
    """Maltego entity for a named location with address and co-ordinates."""

    _category_ = 'Locations'

    # Value property.
    name = StringEntityField(
        'location.name',
        display_name='Name',
        is_value=True,
    )
    city = StringEntityField(
        'city',
        display_name='City',
    )
    countrycode = StringEntityField(
        'countrycode',
        display_name='Country Code',
        alias='countrysc',
    )
    area = StringEntityField(
        'location.area',
        display_name='Area',
        alias='area',
    )
    country = StringEntityField(
        'country',
        display_name='Country',
    )

    # Co-ordinates are the only float-typed fields.
    longitude = FloatEntityField(
        'longitude',
        display_name='Longitude',
        alias='long',
    )
    latitude = FloatEntityField(
        'latitude',
        display_name='Latitude',
        alias='lat',
    )

    streetaddress = StringEntityField(
        'streetaddress',
        display_name='Street Address',
    )
    areacode = StringEntityField(
        'location.areacode',
        display_name='Area Code',
    )
class Tactic(Entity):
    """Maltego entity for a tactic, identified only by its name.

    No category or namespace is set on the class itself.
    """

    # Value property and the class's single field.
    name = StringEntityField(
        'Tactic.name',
        display_name='Tactic name',
        is_value=True,
        description='Tactic',
    )
class Technique(Entity):
    """Maltego entity for a technique, identified only by its name.

    No category or namespace is set on the class itself.
    """

    # Value property and the class's single field.
    name = StringEntityField(
        'Technique.name',
        display_name='Technique name',
        is_value=True,
        description='Technique',
    )
class Tools(Entity):
    """Maltego entity for a tool, identified only by its name.

    No category or namespace is set on the class itself.
    """

    # Value property and the class's single field.
    name = StringEntityField(
        'Tools.name',
        display_name='Tools name',
        is_value=True,
        description='Tools',
    )