From 01ea4c30979d7bbaf07071ea502d1f492815b4d8 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 21 Sep 2018 07:11:38 +0200
Subject: [PATCH] chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded ref: fix https://github.com/MISP/MISP/issues/3679
---
objects/malware-config/definition.json | 51 ++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 objects/malware-config/definition.json
diff --git a/objects/malware-config/definition.json b/objects/malware-config/definition.json
new file mode 100644
index 0000000..435fc95
--- /dev/null
+++ b/objects/malware-config/definition.json
@@ -0,0 +1,51 @@
+{
+ "requiredOneOf": [
+ "config"
+ ],
+ "attributes": {
+ "config": {
+ "description": "Raw (decrypted, decoded) text of the malware configuration.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "format": {
+ "sane_default": [
+ "JSON",
+ "yaml",
+ "INI",
+ "other"
+ ],
+ "description": "Original format of the malware configuration.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "encrypted": {
+ "description": "Encrypted or encoded text of the malware configuration in base64.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "password": {
+ "description": "Password or encryption key used to encrypt the malware configuration.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "last-seen": {
+ "description": "When the malware configuration has been seen for the last time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "first-seen": {
+ "description": "When the malware configuration has been seen for the first time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 1,
+ "description": "Malware configuration recovered or extracted from a malicious binary.",
+ "meta-category": "file",
+ "uuid": "8200b79b-1d8c-49a8-9a63-7710e613c059",
+ "name": "malware-config"
+}
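Review bot: `requiredOneOf` lists only `config`, so an object that carries just the `encrypted` blob (a configuration that has not been decrypted yet) would presumably fail template validation, although the commit subject says the object covers clear-text or encrypted/encoded configurations. Listing both, `"requiredOneOf": ["config", "encrypted"]`, would let analysts share an undecrypted sample and add the clear text later. The `password` description mentions only the key, so a recipient has no field telling them which cipher or encoding to apply to `encrypted`; a short algorithm/encoding attribute or a sentence in the description would close that gap. The `format` `sane_default` values also mix case (`JSON`, `yaml`, `INI`), and a single casing would keep values consistent across instances.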