2018-09-28 15:14:51 +02:00
|
|
|
{
|
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"hostname": {
|
|
|
|
"description": "host of the phishing website",
|
|
|
|
"misp-attribute": "hostname",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
2020-09-03 14:12:05 +02:00
|
|
|
"internal-reference": {
|
2019-02-25 09:29:15 +01:00
|
|
|
"categories": [
|
|
|
|
"Internal reference"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Internal reference such as ticket ID",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"online": {
|
|
|
|
"description": "If the phishing is online and operational, by default is yes",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"values_list": [
|
|
|
|
"Yes",
|
|
|
|
"No"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"phishtank-detail-url": {
|
|
|
|
"description": "Phishtank detail URL to the reported phishing",
|
|
|
|
"misp-attribute": "link",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"phishtank-id": {
|
|
|
|
"description": "Phishtank ID of the reported phishing",
|
2019-02-25 09:29:15 +01:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2019-02-07 14:58:40 +01:00
|
|
|
},
|
2019-02-25 09:29:15 +01:00
|
|
|
"screenshot": {
|
|
|
|
"categories": [
|
|
|
|
"External analysis"
|
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Screenshot of phishing site",
|
2019-02-25 09:29:15 +01:00
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "attachment",
|
|
|
|
"multiple": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"submission-time": {
|
|
|
|
"description": "When the phishing was submitted and/or reported",
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"takedown-request": {
|
|
|
|
"description": "When the phishing was requested to be taken down",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
2018-09-28 15:14:51 +02:00
|
|
|
},
|
2019-02-25 09:29:15 +01:00
|
|
|
"takedown-request-to": {
|
|
|
|
"categories": [
|
|
|
|
"Other"
|
2018-09-28 15:14:51 +02:00
|
|
|
],
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Destination email address for take-down request",
|
2019-02-25 09:29:15 +01:00
|
|
|
"disable_correlation": true,
|
2018-09-28 15:14:51 +02:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"to_ids": false,
|
|
|
|
"ui-priority": 1
|
2019-02-25 09:29:15 +01:00
|
|
|
},
|
|
|
|
"takedown-time": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "When the phishing was taken down",
|
2019-02-25 09:29:15 +01:00
|
|
|
"disable_correlation": true,
|
2018-09-28 15:14:51 +02:00
|
|
|
"misp-attribute": "datetime",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 0
|
2018-09-28 15:14:51 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"target": {
|
|
|
|
"description": "Targeted organisation by the phishing",
|
2019-02-25 09:29:15 +01:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0
|
2018-09-28 15:14:51 +02:00
|
|
|
},
|
2019-02-25 09:29:15 +01:00
|
|
|
"url": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Original URL of the phishing website",
|
2019-02-25 09:29:15 +01:00
|
|
|
"misp-attribute": "url",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2019-02-25 09:29:15 +01:00
|
|
|
},
|
|
|
|
"url-redirect": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Redirect URL of the phishing website",
|
2019-02-25 09:29:15 +01:00
|
|
|
"misp-attribute": "url",
|
|
|
|
"multiple": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2019-02-01 09:37:31 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"verification-time": {
|
|
|
|
"description": "When the phishing was verified",
|
|
|
|
"disable_correlation": true,
|
2019-02-25 09:29:15 +01:00
|
|
|
"misp-attribute": "datetime",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 0
|
2019-02-25 09:29:15 +01:00
|
|
|
},
|
|
|
|
"verified": {
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "The phishing has been verified by the team handling the phishing",
|
2019-02-25 09:29:15 +01:00
|
|
|
"disable_correlation": true,
|
2019-02-01 09:37:31 +01:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 0,
|
2019-02-25 09:29:15 +01:00
|
|
|
"values_list": [
|
|
|
|
"No",
|
|
|
|
"Yes"
|
2020-04-26 02:10:02 +02:00
|
|
|
]
|
2018-09-28 15:14:51 +02:00
|
|
|
}
|
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"description": "Phishing template to describe a phishing website and its analysis.",
|
|
|
|
"meta-category": "network",
|
|
|
|
"name": "phishing",
|
2019-02-25 09:29:15 +01:00
|
|
|
"requiredOneOf": [
|
|
|
|
"url"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
|
|
|
|
"version": 5
|
|
|
|
}
|