2020-02-09 17:39:36 +01:00
|
|
|
{
|
|
|
|
"attributes": {
|
|
|
|
"app-used": {
|
|
|
|
"description": "The IM application used to send the message.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "text",
|
2020-02-09 17:39:36 +01:00
|
|
|
"sane_default": [
|
|
|
|
"WhatsApp",
|
|
|
|
"Google Hangouts",
|
|
|
|
"Facebook Messenger",
|
|
|
|
"Telegram",
|
|
|
|
"Signal",
|
|
|
|
"WeChat",
|
|
|
|
"BlackBerry Messenger",
|
|
|
|
"TeamSpeak",
|
|
|
|
"TorChat",
|
2022-01-16 16:39:06 +01:00
|
|
|
"Tox",
|
2020-02-09 17:39:36 +01:00
|
|
|
"RetroShare",
|
2022-02-04 08:49:32 +01:00
|
|
|
"Slack",
|
|
|
|
"Wire",
|
|
|
|
"Threema",
|
|
|
|
"Discord",
|
|
|
|
"Mumble"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"ui-priority": 1
|
2020-02-09 17:39:36 +01:00
|
|
|
},
|
|
|
|
"archive": {
|
|
|
|
"description": "Archive of the original message (Internet Archive, Archive.is, etc).",
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "link",
|
2020-02-09 17:39:36 +01:00
|
|
|
"multiple": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2020-02-09 17:39:36 +01:00
|
|
|
},
|
|
|
|
"attachment": {
|
|
|
|
"description": "The message file or screen capture.",
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "attachment",
|
2020-02-09 17:39:36 +01:00
|
|
|
"multiple": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2020-02-09 17:39:36 +01:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"body": {
|
|
|
|
"description": "Message body of the IM.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"from-name": {
|
|
|
|
"description": "Name of the person that sent the message.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"from-number": {
|
|
|
|
"description": "Phone number used to send the message.",
|
|
|
|
"misp-attribute": "phone-number",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"from-user": {
|
|
|
|
"description": "User account that sent the message.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"link": {
|
|
|
|
"description": "Original link into the message (Supposed harmless).",
|
|
|
|
"misp-attribute": "link",
|
|
|
|
"ui-priority": 1
|
2020-02-09 17:39:36 +01:00
|
|
|
},
|
|
|
|
"received-date": {
|
|
|
|
"description": "Received date of the message.",
|
2020-04-26 02:10:02 +02:00
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"sent-date": {
|
|
|
|
"description": "Initial sent date of the message.",
|
|
|
|
"disable_correlation": true,
|
2020-02-09 17:39:36 +01:00
|
|
|
"misp-attribute": "datetime",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"subject": {
|
|
|
|
"description": "Subject of the message if any.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"to-name": {
|
|
|
|
"description": "Name of the person that received the message.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"to-number": {
|
|
|
|
"description": "Phone number receiving the message.",
|
|
|
|
"misp-attribute": "phone-number",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"to-user": {
|
|
|
|
"description": "User account that received the message.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"url": {
|
|
|
|
"description": "Original URL location of the message (potentially malicious).",
|
|
|
|
"misp-attribute": "url",
|
|
|
|
"ui-priority": 1
|
2020-02-09 17:39:36 +01:00
|
|
|
}
|
|
|
|
},
|
|
|
|
"description": "Instant Message (IM) object template describing one or more IM message.",
|
|
|
|
"meta-category": "misc",
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": "instant-message",
|
|
|
|
"requiredOneOf": [
|
|
|
|
"body",
|
|
|
|
"from-user"
|
|
|
|
],
|
2020-02-09 17:39:36 +01:00
|
|
|
"uuid": "5fa51a24-f40f-4696-a77e-d31e26bab5fc",
|
2022-02-04 08:49:32 +01:00
|
|
|
"version": 3
|
|
|
|
}
|