2019-06-01 10:04:46 +02:00
{
2019-11-08 15:35:14 +01:00
"required" : [
2019-06-01 10:04:46 +02:00
"shell-command"
] ,
"attributes" : {
"script" : {
"description" : "Free text of the script if available which executed the shell commands." ,
"ui-priority" : 10 ,
"misp-attribute" : "text"
} ,
"comment" : {
"description" : "Comment associated to the shell commands executed." ,
"ui-priority" : 1 ,
"misp-attribute" : "text"
} ,
"language" : {
"description" : "Scripting language used for the shell commands executed." ,
"ui-priority" : 9 ,
"misp-attribute" : "text" ,
"disable_correlation" : true ,
"sane_default" : [
"PowerShell" ,
"VBScript" ,
"Bash" ,
"Lua" ,
"JavaScript" ,
"AppleScript" ,
"AWK" ,
"Python" ,
"Perl" ,
"Ruby" ,
"Winbatch" ,
"AutoIt" ,
"PHP"
]
} ,
"shell-command" : {
"description" : "" ,
"ui-priority" : 0 ,
"misp-attribute" : "text" ,
"multiple" : true
} ,
"state" : {
"misp-attribute" : "text" ,
"ui-priority" : 0 ,
"description" : "Known state of the script." ,
"multiple" : true ,
"disable_correlation" : true ,
"values_list" : [
"Malicious" ,
"Unknown" ,
"Harmless" ,
"Trusted"
]
}
} ,
2019-11-08 15:35:14 +01:00
"version" : 2 ,
2019-06-01 10:04:46 +02:00
"description" : "Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands." ,
"meta-category" : "misc" ,
"uuid" : "fee65efa-eb64-4516-8611-1db76c589f79" ,
2019-06-01 10:13:06 +02:00
"name" : "shell-commands"
2019-06-01 10:04:46 +02:00
}