mirror of https://github.com/MISP/misp-objects
commit
0813efbaf6
|
@ -0,0 +1,50 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the image (Internet Archive, Archive.is, etc).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "The image file.",
|
||||
"misp-attribute": "attachment",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"filename": {
|
||||
"description": "The image filename.",
|
||||
"misp-attribute": "filename",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"image-text": {
|
||||
"description": "Raw text of image",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link into the image (Supposed harmless)",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the image (potentially malicious)",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"username": {
|
||||
"description": "Username who posted the image.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
}
|
||||
},
|
||||
"description": "Object describing an image file.",
|
||||
"meta-category": "file",
|
||||
"name": "image",
|
||||
"requiredOneOf": [
|
||||
"attachment",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,79 @@
|
|||
{
|
||||
"attributes": {
|
||||
"account-avatar": {
|
||||
"description": "A screen capture or exported account avatar.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"account-id": {
|
||||
"description": "Account id.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"account-name": {
|
||||
"description": "Account name (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"archive": {
|
||||
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the user.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the account page (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"moderator-of": {
|
||||
"description": "Subreddits of which this account is a moderator (exclude the r/).",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"trophies": {
|
||||
"description": "Trophies listed in the account Trophy Case.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the page (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"user-avatar": {
|
||||
"description": "A user profile picture or avatar.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "Reddit account.",
|
||||
"meta-category": "misc",
|
||||
"name": "reddit-account",
|
||||
"requiredOneOf": [
|
||||
"account-name",
|
||||
"account-id",
|
||||
"description",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "6802f885-2003-494a-b234-61aadce62731",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,85 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported file from the comment.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"comment": {
|
||||
"description": "The raw text of the comment.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"creator": {
|
||||
"description": "The user account that created the post (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the comment.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the subreddit description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the subreddit description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag used to identify or promote the comment.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the comment (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"subreddit-name": {
|
||||
"description": "The name of the subreddit where it was posted (exclude the r/).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the comment (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who are quoted in the comment (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
}
|
||||
},
|
||||
"description": "A Reddit post comment.",
|
||||
"meta-category": "misc",
|
||||
"name": "reddit-comment",
|
||||
"requiredOneOf": [
|
||||
"creator",
|
||||
"comment",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "0a7e5fc0-fe6a-43c7-a957-de3269c2eb6c",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,89 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original Reddit post (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported file from the Reddit post.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"creator": {
|
||||
"description": "The user account that created the post (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the post.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the subreddit description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the subreddit description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag used to identify or promote the Reddit post.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the Reddit post (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"post-content": {
|
||||
"description": "The raw text of the Reddit post.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"post-title": {
|
||||
"description": "The title of the Reddit post.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"subreddit-name": {
|
||||
"description": "The name of the subreddit where it was posted (exclude the r/).",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the Reddit post (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who are quoted in the Reddit post (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
}
|
||||
},
|
||||
"description": "A Reddit post.",
|
||||
"meta-category": "misc",
|
||||
"name": "reddit-post",
|
||||
"requiredOneOf": [
|
||||
"post-title",
|
||||
"post-content",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "e5ed7e7f-2e21-44ff-839f-e58d9818f17f",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,121 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original subreddit (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts, subreddit members, etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"community-icon": {
|
||||
"description": "A screen capture or exported subreddit community icon.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"creator": {
|
||||
"description": "The user account that created the subreddit (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the subreddit.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the subreddit description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the subreddit description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag used to identify or promote the subreddit.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"header-image": {
|
||||
"description": "A screen capture or exported subreddit header.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the subreddit (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"moderator": {
|
||||
"description": "A user account who is a moderator of the subreddit (do not include u/).",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"privacy": {
|
||||
"description": "Subreddit privacy.",
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"Public",
|
||||
"Private"
|
||||
],
|
||||
"ui-priority": 1
|
||||
},
|
||||
"rules": {
|
||||
"description": "Raw text of the rules of the subreddit.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"submit-text": {
|
||||
"description": "The submission form raw text when posting to the subreddit.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"subreddit-alias": {
|
||||
"description": "Aliases or previous names of subreddit.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"subreddit-name": {
|
||||
"description": "The name of the subreddit (exclude the r/).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"subreddit-type": {
|
||||
"description": "Subreddit type, e.g. general, buy and sell etc.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the subreddit (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "Public or private subreddit.",
|
||||
"meta-category": "misc",
|
||||
"name": "reddit-subreddit",
|
||||
"requiredOneOf": [
|
||||
"subreddit-name",
|
||||
"description",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "5a00464c-5379-4e66-ab21-d356ba426155",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,111 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the user.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"displayed-name": {
|
||||
"description": "Displayed name.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the user description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the user description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"followers": {
|
||||
"description": "number of followers.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"friends": {
|
||||
"description": "Number of friends.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag embedded in the user description.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"id": {
|
||||
"description": "Numeric account id.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the user (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"listed": {
|
||||
"description": "Number of lists the user is on.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"location": {
|
||||
"description": "User description of location.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"name": {
|
||||
"description": "User's screen name (without the @).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the user (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"verified": {
|
||||
"description": "User verified.",
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"True",
|
||||
"False"
|
||||
],
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "Twitter account.",
|
||||
"meta-category": "misc",
|
||||
"name": "twitter-account",
|
||||
"requiredOneOf": [
|
||||
"name",
|
||||
"id",
|
||||
"description",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the list.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"displayed-name": {
|
||||
"description": "Displayed name.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"to_ids": false,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag embedded in the description.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"id": {
|
||||
"description": "Numeric list id.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the list (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"name": {
|
||||
"description": "List's screen name (without the @).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the list (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"user-id": {
|
||||
"description": "Id of the account that manages this list.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"user-name": {
|
||||
"description": "Name of the account that manages this list (without the @).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
}
|
||||
},
|
||||
"description": "Twitter list.",
|
||||
"meta-category": "misc",
|
||||
"name": "twitter-list",
|
||||
"requiredOneOf": [
|
||||
"name",
|
||||
"id",
|
||||
"description",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "7ae81d5c-d9d8-4812-88a7-5f14fba241da",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,120 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original tweet (Internet Archive, Archive.is, etc).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "The tweet file or screen capture.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link in the tweet",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Safe link in the tweet",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag embedded in the tweet",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"in-reply-to-display-name": {
|
||||
"description": "The user display name of the tweet this post shares.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"in-reply-to-status-id": {
|
||||
"description": "The twitter ID of the tweet that this post shares.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"in-reply-to-user-id": {
|
||||
"description": "The user ID of the tweet this post shares.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"language": {
|
||||
"description": "The language of the post.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the post (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"post": {
|
||||
"description": "Raw text of the post.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"post-id": {
|
||||
"description": "Numeric id of the tweet.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"removal-date": {
|
||||
"description": "When the tweet was removed.",
|
||||
"misp-attribute": "datetime",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"source": {
|
||||
"description": "Source of tweet (android, web etc).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL of the tweet, e.g. link shortener (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"user-id": {
|
||||
"description": "Id of the account that posted this tweet.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"user-name": {
|
||||
"description": "Name of the account that posted this tweet.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who is quoted in the tweet.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
}
|
||||
},
|
||||
"description": "Twitter post (tweet).",
|
||||
"meta-category": "misc",
|
||||
"name": "twitter-post",
|
||||
"requiredOneOf": [
|
||||
"post",
|
||||
"post-id",
|
||||
"archive",
|
||||
"url",
|
||||
"link",
|
||||
"attachment"
|
||||
],
|
||||
"uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
{
|
||||
"attributes": {
|
||||
"about": {
|
||||
"description": "About page of the channel.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"archive": {
|
||||
"description": "Archive of the channel (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-avatar": {
|
||||
"description": "A screen capture or exported channel avatar.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-banner": {
|
||||
"description": "A screen capture or exported channel header.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-id": {
|
||||
"description": "Channel id.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-name": {
|
||||
"description": "Channel name.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the channel.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"featured-channel": {
|
||||
"description": "Featured channel names.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the channel page (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the page (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "A YouTube channel.",
|
||||
"meta-category": "misc",
|
||||
"name": "youtube-channel",
|
||||
"requiredOneOf": [
|
||||
"channel-name",
|
||||
"channel-id",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "cb9f492b-9930-4388-98e1-5d0cdcfa51df",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported comment.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-name": {
|
||||
"description": "The name of the channel where it was posted.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"comment": {
|
||||
"description": "The raw text of the YouTube video comment.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the comment.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the comment (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the comment (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag used in the comment.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the comment (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the comment (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"user-account": {
|
||||
"description": "The user account that commented on the YouTube video.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who are quoted in the comment.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"video-title": {
|
||||
"description": "The title of the YouTube video.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "A YouTube video comment.",
|
||||
"meta-category": "misc",
|
||||
"name": "youtube-comment",
|
||||
"requiredOneOf": [
|
||||
"comment",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "218bc1ae-c5ee-452b-895d-a26e0beaa550",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the playlist (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported list of contacts etc.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the playlist.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the playlist page (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"playlist-id": {
|
||||
"description": "Playlist id.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"playlist-name": {
|
||||
"description": "Playlist name.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the page (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"video-link": {
|
||||
"description": "Link to the video in playlist (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "A YouTube playlist.",
|
||||
"meta-category": "misc",
|
||||
"name": "youtube-playlist",
|
||||
"requiredOneOf": [
|
||||
"playlist-name",
|
||||
"playlist-id",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "5a5e7441-c048-4e4b-bab7-642a91d30935",
|
||||
"version": 1
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
{
|
||||
"attributes": {
|
||||
"archive": {
|
||||
"description": "Archive of the original YouTube video (Internet Archive, Archive.is, etc).",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"attachment": {
|
||||
"description": "A screen capture or exported YouTube video.",
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"channel-name": {
|
||||
"description": "The name of the channel where it was posted.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 1
|
||||
},
|
||||
"creator": {
|
||||
"description": "The user account that created the YouTube video.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"description": {
|
||||
"description": "A description of the YouTube video.",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Link embedded in the YouTube video description (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Link embedded in the YouTube video description (supposed safe).",
|
||||
"misp-attribute": "link",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"hashtag": {
|
||||
"description": "Hashtag used to identify or promote the YouTube video.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link to the YouTube video (supposed harmless).",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the YouTube video (potentially malicious).",
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who are quoted in the YouTube video or description.",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"video-title": {
|
||||
"description": "The title of the YouTube video.",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"video-transcript": {
|
||||
"description": "The YouTube video transcript (closed captions).",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1
|
||||
}
|
||||
},
|
||||
"description": "A YouTube video.",
|
||||
"meta-category": "misc",
|
||||
"name": "youtube-video",
|
||||
"requiredOneOf": [
|
||||
"video-title",
|
||||
"archive",
|
||||
"link"
|
||||
],
|
||||
"uuid": "2bd68462-a509-4320-b5c6-760a57fd1a80",
|
||||
"version": 1
|
||||
}
|
Loading…
Reference in New Issue