misp-objects/objects/phishing/definition.json

118 lines
3.1 KiB
JSON
Raw Normal View History

{
2019-02-25 09:29:15 +01:00
"name": "phishing",
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
"meta-category": "network",
"description": "Phishing template to describe a phishing website and its analysis.",
"version": 5,
"attributes": {
2019-02-25 09:29:15 +01:00
"internal reference": {
"categories": [
"Internal reference"
],
"misp-attribute": "text",
"ui-priority": 1,
2019-02-25 09:29:15 +01:00
"description": "Internal reference such as ticket ID"
},
2019-02-25 09:29:15 +01:00
"screenshot": {
"multiple": true,
"categories": [
"External analysis"
],
"ui-priority": 1,
2019-02-25 09:29:15 +01:00
"disable_correlation": true,
"misp-attribute": "attachment",
"description": "Screenshot of phishing site"
},
2019-02-25 09:29:15 +01:00
"target": {
"multiple": true,
"misp-attribute": "text",
"ui-priority": 0,
2019-02-25 09:29:15 +01:00
"description": "Targeted organisation by the phishing"
},
2019-02-25 09:29:15 +01:00
"takedown-request-to": {
"to_ids": false,
"multiple": true,
"categories": [
"Other"
],
2019-02-25 09:29:15 +01:00
"ui-priority": 1,
"disable_correlation": true,
"misp-attribute": "text",
2019-02-25 09:29:15 +01:00
"description": "Destination email address for take-down request"
},
2019-02-25 09:29:15 +01:00
"takedown-request": {
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0,
2019-02-25 09:29:15 +01:00
"description": "When the phishing was requested to be taken down"
},
"takedown-time": {
"disable_correlation": true,
"misp-attribute": "datetime",
2019-02-25 09:29:15 +01:00
"ui-priority": 0,
"description": "When the phishing was taken down"
},
"online": {
2019-02-25 09:29:15 +01:00
"disable_correlation": true,
"misp-attribute": "text",
"values_list": [
"Yes",
"No"
],
"ui-priority": 0,
2019-02-25 09:29:15 +01:00
"description": "If the phishing is online and operational, by default is yes"
},
2019-02-25 09:29:15 +01:00
"url": {
"misp-attribute": "url",
2019-02-01 09:37:31 +01:00
"ui-priority": 1,
2019-02-25 09:29:15 +01:00
"description": "Original URL of the phishing website"
},
"url-redirect": {
"multiple": true,
2019-02-25 09:29:15 +01:00
"misp-attribute": "url",
"ui-priority": 1,
"description": "Redirect URL of the phishing website"
2019-02-01 09:37:31 +01:00
},
2019-02-25 09:29:15 +01:00
"hostname": {
"multiple": true,
"misp-attribute": "hostname",
"ui-priority": 1,
"description": "host of the phishing website"
2019-02-01 09:37:31 +01:00
},
2019-02-25 09:29:15 +01:00
"phishtank-id": {
"misp-attribute": "text",
2019-02-01 09:37:31 +01:00
"ui-priority": 1,
2019-02-25 09:29:15 +01:00
"description": "Phishtank ID of the reported phishing"
2019-02-01 09:37:31 +01:00
},
2019-02-25 09:29:15 +01:00
"phishtank-detail-url": {
2019-02-01 09:37:31 +01:00
"ui-priority": 1,
2019-02-25 09:29:15 +01:00
"misp-attribute": "link",
"description": "Phishtank detail URL to the reported phishing"
},
"submission-time": {
"misp-attribute": "datetime",
"ui-priority": 0,
"description": "When the phishing was submitted and/or reported"
},
"verified": {
"disable_correlation": true,
2019-02-01 09:37:31 +01:00
"misp-attribute": "text",
2019-02-25 09:29:15 +01:00
"values_list": [
"No",
"Yes"
],
"ui-priority": 0,
"description": "The phishing has been verified by the team handling the phishing"
},
"verification-time": {
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0,
"description": "When the phishing was verified"
}
},
2019-02-25 09:29:15 +01:00
"requiredOneOf": [
"url"
]
}