Merge branch 'rmkml-main' into main

2020-08-18 07:55:01 +02:00 · 2020-08-18 07:55:01 +02:00 · 115e503c6d
parent 2902024f5f bfec61d8b0
commit 115e503c6d
3 changed files with 91 additions and 7 deletions
--- a/objects/dns-record/definition.json
+++ b/objects/dns-record/definition.json
@ -5,17 +5,37 @@
        "Network activity",
        "External analysis"
      ],
-      "description": "IP Address sassociated with A Records",
+      "description": "IPv4 address associated with A record",
      "misp-attribute": "ip-dst",
      "multiple": true,
      "ui-priority": 1
    },
+    "aaaa-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IPv6 address associated with AAAA record",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "cname-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with CNAME record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
    "mx-record": {
      "categories": [
        "Network activity",
        "External analysis"
      ],
-      "description": "Domain associated with MX Record",
+      "description": "Domain associated with MX record",
      "misp-attribute": "domain",
      "multiple": true,
      "ui-priority": 1
@ -25,7 +45,17 @@
        "Network activity",
        "External analysis"
      ],
-      "description": "Domain associated with NS Records",
+      "description": "Domain associated with NS record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "ptr-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with PTR record",
      "misp-attribute": "domain",
      "multiple": true,
      "ui-priority": 1
@ -39,14 +69,54 @@
      "misp-attribute": "domain",
      "ui-priority": 1
    },
+    "soa-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with SOA record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "spf-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IP addresses associated with SPF record",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "srv-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with SRV record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
    "text": {
      "description": "A description of the records",
      "misp-attribute": "text",
      "recommended": false,
      "ui-priority": 1
+    },
+    "txt-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Content associated with TXT record",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
    }
  },
-  "description": "A set of dns records observed for a specific domain.",
+  "description": "A set of DNS records observed for a specific domain.",
  "meta-category": "network",
  "name": "dns-record",
  "required": [
@ -54,9 +124,16 @@
  ],
  "requiredOneOf": [
    "a-record",
+    "aaaa-record",
+    "cname-record",
    "mx-record",
-    "ns-record"
+    "ns-record",
+    "ptr-record",
+    "soa-record",
+    "spf-record",
+    "srv-record",
+    "txt-record"
  ],
  "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
-  "version": 1
+  "version": 2
 }
--- a/objects/file/definition.json
+++ b/objects/file/definition.json
@ -424,6 +424,11 @@
      "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
      "misp-attribute": "tlsh",
      "ui-priority": 0
+    },
+    "vhash": {
+      "description": "vhash by VirusTotal",
+      "misp-attribute": "vhash",
+      "ui-priority": 0
    }
  },
  "description": "File object describing a file with meta-information",
@ -451,5 +456,5 @@
    "fullpath"
  ],
  "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
-  "version": 20
+  "version": 21
 }
--- a/schema_objects.json
+++ b/schema_objects.json
@ -96,6 +96,7 @@
            "filename|sha512/256",
            "filename|ssdeep",
            "filename|tlsh",
+            "filename|vhash",
            "first-name",
            "float",
            "frequent-flyer-number",
@ -180,6 +181,7 @@
            "text",
            "threat-actor",
            "tlsh",
+            "vhash",
            "travel-details",
            "twitter-id",
            "uri",