mirror of https://github.com/MISP/MISP
new: Added phone-number attribute type
- Just the yugest attribute types for @rommelfspull/2451/merge
parent
f01a5c56bb
commit
73b47eda82
|
@ -155,6 +155,7 @@ class Attribute extends AppModel {
|
|||
'bin' => array('desc' => 'Bank Identification Number', 'default_category' => 'Financial fraud', 'to_ids' => 1),
|
||||
'cc-number' => array('desc' => 'Credit-Card Number', 'default_category' => 'Financial fraud', 'to_ids' => 1),
|
||||
'prtn' => array('desc' => 'Premium-Rate Telephone Number', 'default_category' => 'Financial fraud', 'to_ids' => 1),
|
||||
'phone-number' => array('desc' => 'Telephone Number', 'default_category' => 'Person', 'to_ids' => 0),
|
||||
'threat-actor' => array('desc' => 'A string identifying the threat actor', 'default_category' => 'Attribution', 'to_ids' => 0),
|
||||
'campaign-name' => array('desc' => 'Associated campaign name', 'default_category' => 'Attribution', 'to_ids' => 0),
|
||||
'campaign-id' => array('desc' => 'Associated campaign ID', 'default_category' => 'Attribution', 'to_ids' => 0),
|
||||
|
@ -305,7 +306,7 @@ class Attribute extends AppModel {
|
|||
'Financial fraud' => array(
|
||||
'desc' => 'Financial Fraud indicators',
|
||||
'formdesc' => 'Financial Fraud indicators, for example: IBAN Numbers, BIC codes, Credit card numbers, etc.',
|
||||
'types' => array('btc', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'comment', 'text', 'other', 'hex'),
|
||||
'types' => array('btc', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number', 'comment', 'text', 'other', 'hex'),
|
||||
),
|
||||
'Support Tool' => array(
|
||||
'desc' => 'Tools supporting analysis or detection of the event',
|
||||
|
@ -318,11 +319,11 @@ class Attribute extends AppModel {
|
|||
),
|
||||
'Person' => array(
|
||||
'desc' => 'A human being - natural person',
|
||||
'types' => array('first-name', 'middle-name', 'last-name', 'date-of-birth', 'place-of-birth', 'gender', 'passport-number', 'passport-country', 'passport-expiration', 'redress-number', 'nationality', 'visa-number', 'issue-date-of-the-visa', 'primary-residence', 'country-of-residence', 'special-service-request', 'frequent-flyer-number', 'travel-details', 'payment-details', 'place-port-of-original-embarkation', 'place-port-of-clearance', 'place-port-of-onward-foreign-destination', 'passenger-name-record-locator-number', 'comment', 'text', 'other')
|
||||
'types' => array('first-name', 'middle-name', 'last-name', 'date-of-birth', 'place-of-birth', 'gender', 'passport-number', 'passport-country', 'passport-expiration', 'redress-number', 'nationality', 'visa-number', 'issue-date-of-the-visa', 'primary-residence', 'country-of-residence', 'special-service-request', 'frequent-flyer-number', 'travel-details', 'payment-details', 'place-port-of-original-embarkation', 'place-port-of-clearance', 'place-port-of-onward-foreign-destination', 'passenger-name-record-locator-number', 'comment', 'text', 'other', 'phone-number')
|
||||
),
|
||||
'Other' => array(
|
||||
'desc' => 'Attributes that are not part of any other category or are meant to be used as a component in MISP objects in the future',
|
||||
'types' => array('comment', 'text', 'other', 'size-in-bytes', 'counter', 'datetime', 'cpe', 'port', 'float', 'hex')
|
||||
'types' => array('comment', 'text', 'other', 'size-in-bytes', 'counter', 'datetime', 'cpe', 'port', 'float', 'hex', 'phone-number')
|
||||
)
|
||||
);
|
||||
|
||||
|
@ -366,7 +367,7 @@ class Attribute extends AppModel {
|
|||
public $typeGroupings = array(
|
||||
'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy','authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample', 'x509-fingerprint-sha1'),
|
||||
'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-traffic', 'x509-fingerprint-sha1'),
|
||||
'financial' => array('btc', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn')
|
||||
'financial' => array('btc', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number')
|
||||
);
|
||||
|
||||
public $order = array("Attribute.event_id" => "DESC");
|
||||
|
@ -1040,6 +1041,7 @@ class Attribute extends AppModel {
|
|||
case 'bank-account-nr':
|
||||
case 'aba-rtn':
|
||||
case 'prtn':
|
||||
case 'phone-number':
|
||||
case 'whois-registrant-phone':
|
||||
if (is_numeric($value)) {
|
||||
$returnValue = true;
|
||||
|
@ -1119,6 +1121,7 @@ class Attribute extends AppModel {
|
|||
break;
|
||||
case 'prtn':
|
||||
case 'whois-registrant-phone':
|
||||
case 'phone-number':
|
||||
if (substr($value, 0, 1) == '+') $value = '00' . substr($value, 1);
|
||||
$value = preg_replace('/[^0-9]+/', '', $value);
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue