misp-objects/objects/c2-list/definition.json

50 lines
1.2 KiB
JSON
Raw Normal View History

2023-09-19 16:31:10 +02:00
{
"attributes": {
2023-09-19 16:58:06 +02:00
"c2-ipport": {
2023-09-19 16:31:10 +02:00
"categories": [
"Network activity"
],
"description": "IP:Port of C2 server",
"misp-attribute": "ip-src|port",
"multiple": true,
"ui-priority": 1
},
2023-09-19 16:58:06 +02:00
"c2-ip": {
"categories": [
"Network activity"
],
"description": "IP of C2 server with unknown port",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1
},
2023-09-19 16:31:10 +02:00
"report-url": {
"description": "URL of source of information, e.g. blog post, ransomware analysis",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"threat": {
"categories": [
"Attribution",
"Payload type"
],
"description": "threat actor or malware",
"misp-attribute": "text",
"ui-priority": 1
}
},
"description": "List of C2-servers with common ground, e.g. extracted from a blog post or ransomware analysis",
"meta-category": "network",
"name": "c2-list",
"required": [
"threat"
],
"requiredOneOf": [
2023-09-19 16:58:06 +02:00
"c2-ipport",
"c2-ip"
2023-09-19 16:31:10 +02:00
],
"uuid": "12456351-ceb7-4d43-9a7e-d2275d8b5785",
"version": 20230919
}