2017-09-24 21:21:33 +02:00
|
|
|
{
|
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"classification": {
|
|
|
|
"description": "The type of entity being targeted.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"sane_default": [
|
|
|
|
"individual",
|
|
|
|
"group",
|
|
|
|
"organization",
|
|
|
|
"class",
|
|
|
|
"unknown"
|
|
|
|
],
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
2017-09-24 21:21:33 +02:00
|
|
|
"description": {
|
|
|
|
"description": "Description of the victim",
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
2017-09-24 21:21:33 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"domain": {
|
|
|
|
"description": "Domain name of the organisation targeted.",
|
|
|
|
"misp-attribute": "domain",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"email": {
|
|
|
|
"description": "The email address(es) of the user targeted.",
|
|
|
|
"misp-attribute": "target-email",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-12-04 10:48:01 +01:00
|
|
|
},
|
|
|
|
"external": {
|
|
|
|
"description": "External target organisations affected by this attack.",
|
|
|
|
"misp-attribute": "target-external",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"ip-address": {
|
|
|
|
"description": "IP address(es) of the node targeted.",
|
|
|
|
"misp-attribute": "ip-dst",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"name": {
|
|
|
|
"description": "The name of the department(s) or organisation(s) targeted.",
|
|
|
|
"misp-attribute": "target-org",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"node": {
|
|
|
|
"description": "Name(s) of node that was targeted.",
|
|
|
|
"misp-attribute": "target-machine",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-09-24 21:21:33 +02:00
|
|
|
},
|
2020-03-09 16:32:18 +01:00
|
|
|
"reference": {
|
|
|
|
"description": "External reference to the victim/case.",
|
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2020-03-09 16:32:18 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"regions": {
|
|
|
|
"description": "The list of regions or locations from the victim targeted. ISO 3166 should be used.",
|
|
|
|
"misp-attribute": "target-location",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-09-24 21:21:33 +02:00
|
|
|
},
|
|
|
|
"roles": {
|
|
|
|
"description": "The list of roles targeted within the victim.",
|
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
2017-09-24 21:21:33 +02:00
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"sectors": {
|
|
|
|
"description": "The list of sectors that the victim belong to",
|
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
2017-09-24 21:21:33 +02:00
|
|
|
"sane_default": [
|
2023-12-05 18:25:32 +01:00
|
|
|
"academia - university",
|
2017-09-24 21:21:33 +02:00
|
|
|
"aerospace",
|
2023-02-01 17:40:24 +01:00
|
|
|
"agriculture",
|
2017-09-24 21:21:33 +02:00
|
|
|
"automotive",
|
|
|
|
"communications",
|
|
|
|
"construction",
|
|
|
|
"defence",
|
2023-12-05 17:50:38 +01:00
|
|
|
"dissident",
|
2017-09-24 21:21:33 +02:00
|
|
|
"education",
|
|
|
|
"energy",
|
|
|
|
"engineering",
|
|
|
|
"entertainment",
|
2017-12-04 15:28:29 +01:00
|
|
|
"financial services",
|
|
|
|
"government local",
|
2023-02-01 17:40:24 +01:00
|
|
|
"government national",
|
2017-12-04 15:28:29 +01:00
|
|
|
"government public services",
|
2023-02-01 17:40:24 +01:00
|
|
|
"government regional",
|
2017-09-24 21:21:33 +02:00
|
|
|
"healthcare",
|
2017-12-04 15:28:29 +01:00
|
|
|
"hospitality leisure",
|
2023-02-01 17:56:32 +01:00
|
|
|
"information and cultural industries",
|
2017-09-24 21:21:33 +02:00
|
|
|
"infrastructure",
|
|
|
|
"insurance",
|
2023-12-05 17:50:38 +01:00
|
|
|
"international organization",
|
2023-01-04 18:10:18 +01:00
|
|
|
"legal",
|
2017-09-24 21:21:33 +02:00
|
|
|
"manufacturing",
|
|
|
|
"mining",
|
2017-12-04 15:28:29 +01:00
|
|
|
"non profit",
|
2017-09-24 21:21:33 +02:00
|
|
|
"pharmaceuticals",
|
2023-12-05 17:50:38 +01:00
|
|
|
"political party",
|
2017-09-24 21:21:33 +02:00
|
|
|
"retail",
|
|
|
|
"technology",
|
|
|
|
"telecommunications",
|
2023-12-05 17:50:38 +01:00
|
|
|
"think tank",
|
2017-09-24 21:21:33 +02:00
|
|
|
"transportation",
|
|
|
|
"utilities"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
2017-09-24 21:21:33 +02:00
|
|
|
"ui-priority": 1
|
2017-12-04 10:48:01 +01:00
|
|
|
},
|
|
|
|
"user": {
|
|
|
|
"description": "The username(s) of the user targeted.",
|
|
|
|
"misp-attribute": "target-user",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
2017-09-24 21:21:33 +02:00
|
|
|
}
|
|
|
|
},
|
|
|
|
"description": "Victim object describes the target of an attack or abuse.",
|
|
|
|
"meta-category": "misc",
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": "victim",
|
|
|
|
"requiredOneOf": [
|
|
|
|
"name",
|
|
|
|
"regions",
|
|
|
|
"sectors"
|
|
|
|
],
|
2017-09-24 21:21:33 +02:00
|
|
|
"uuid": "a8806e40-39ad-435f-be02-ac2a13d6fc7d",
|
2023-12-05 20:58:22 +01:00
|
|
|
"version": 9
|
|
|
|
}
|