misp-objects/objects/phishing-kit/definition.json

95 lines
2.4 KiB
JSON
Raw Normal View History

{
"attributes": {
"date-found": {
"description": "Date when the phishing kit was found",
"disable_correlation": true,
"misp-attribute": "datetime",
"multiple": true,
"to_ids": false,
"ui-priority": 0
},
"email-type": {
"description": "Type of the Email",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": false,
"ui-priority": 0
},
"internal reference": {
"categories": [
"Internal reference"
],
"description": "Internal reference such as ticket ID",
"misp-attribute": "text",
"ui-priority": 1
},
"kit-mailer": {
"description": "Mailer Kit Used",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"kit-name": {
"description": "Name of the Phishing Kit",
"misp-attribute": "text",
"ui-priority": 10
},
"kit-url": {
"description": "URL of Phishing Kit",
"misp-attribute": "url",
"ui-priority": 1
},
"online": {
"description": "If the phishing kit is online and operational, by default is yes",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0,
"values_list": [
"Yes",
"No"
]
},
"phishing-domain": {
"description": "Domain used for Phishing",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 1
},
"reference-link": {
"description": "Link where the Phishing Kit was observed",
"misp-attribute": "link",
"multiple": true,
"to_ids": false,
"ui-priority": 1
},
"target": {
"description": "What was targeted using this phishing kit",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"threat-actor": {
"description": "Identified threat actor",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"threat-actor-email": {
"description": "Email of the Threat Actor",
"misp-attribute": "email-src",
"multiple": true,
"ui-priority": 0
}
},
"description": "Object to describe a phishing-kit.",
"meta-category": "network",
"name": "phishing-kit",
"requiredOneOf": [
"kit-url",
"reference-link",
"kit-name"
],
"uuid": "f452c16b-12fa-4f87-84a2-15a9e8ca6e7c",
"version": 3
}