diff --git a/objects/authenticode-signerinfo/definition.json b/objects/authenticode-signerinfo/definition.json
index 64d6070..4681592 100644
--- a/objects/authenticode-signerinfo/definition.json
+++ b/objects/authenticode-signerinfo/definition.json
@@ -5,8 +5,20 @@
 "misp-attribute": "text",
 "ui-priority": 0
 },
+ "digest-base64": {
+ "description": "Signature created by the signing certificate’s private key",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "digest_algorithm": {
- "description": "Digest algorithm",
+ "description": "Algorithm used to hash the file.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "encryption_algorithm": {
+ "description": "Algorithm used to encrypt the digest",
 "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 0
@@ -22,6 +34,12 @@
 "misp-attribute": "text",
 "ui-priority": 0
 },
+ "serial-number": {
+ "description": "Serial number of the certificate",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "signature_algorithm": {
 "description": "Signature algorithm",
 "disable_correlation": true,
@@ -55,8 +73,9 @@
 "name": "authenticode-signerinfo",
 "requiredOneOf": [
 "url",
- "program-name"
+ "program-name",
+ "issuer"
 ],
 "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/pe/definition.json b/objects/pe/definition.json
index fba3a8d..ae89b65 100644
--- a/objects/pe/definition.json
+++ b/objects/pe/definition.json
@@ -1,5 +1,10 @@
 {
 "attributes": {
+ "authentihash": {
+ "description": "Authenticode executable signature hash (sha256)",
+ "misp-attribute": "authentihash",
+ "ui-priority": 1
+ },
 "company-name": {
 "description": "CompanyName in the resources",
 "disable_correlation": true,
@@ -131,5 +136,5 @@
 "impfuzzy"
 ],
 "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
- "version": 6
+ "version": 7
 }
\ No newline at end of file
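Review bot: The new `digest-base64` attribute in the `@@ -5,8 +5,20 @@` hunk is named as a digest but described as "Signature created by the signing certificate’s private key", so an analyst cannot tell whether the field holds the file hash or the signed value. If it is meant to carry the SignerInfo encrypted digest, say so in the description, for example `"description": "Base64 of the SignerInfo encrypted digest (the signature value)"`. The new keys are also inconsistent in spelling: `digest-base64` here and `serial-number` in the `@@ -22,6 +34,12 @@` hunk use hyphens, while the neighbouring `digest_algorithm`, `encryption_algorithm` and `signature_algorithm` use underscores.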
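Review bot: `serial-number` in the `@@ -22,6 +34,12 @@` hunk is added with `"disable_correlation": true`, which removes one of the few signer fields an analyst can use to pivot between samples signed with the same certificate. If the concern is that serial numbers are only unique per issuer, that is worth stating in the description rather than switching correlation off; otherwise drop the `"disable_correlation": true,` line for this attribute. The rest of the object definition lies outside the hunk, so I cannot see whether another correlating certificate identifier already exists.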
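Review bot: The description added for `authentihash` in objects/pe, "Authenticode executable signature hash (sha256)", reads as a hash of the signature, whereas the Authenticode hash is computed over the PE image with the checksum field and certificate table excluded and can be calculated for unsigned files as well. Suggest `"description": "Authenticode hash of the PE image (SHA-256), computed excluding the checksum and certificate table"` so that users do not expect the value to be present only on signed binaries.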
diff --git a/objects/regexp/definition.json b/objects/regexp/definition.json
index fc77bb0..e566357 100644
--- a/objects/regexp/definition.json
+++ b/objects/regexp/definition.json
@@ -19,7 +19,8 @@
 "PCRE",
 "PCRE2",
 "POSIX BRE",
- "POSIX ERE"
+ "POSIX ERE",
+ "FCRE (Farsight Compatible Regular Expressions)"
 ]
 },
 "type": {
@@ -51,5 +52,5 @@
 "regexp"
 ],
 "uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
- "version": 4
+ "version": 5
 }
\ No newline at end of file
diff --git a/objects/report/definition.json b/objects/report/definition.json
index 316823f..ff9920b 100644
--- a/objects/report/definition.json
+++ b/objects/report/definition.json
@@ -9,6 +9,12 @@
 "misp-attribute": "text",
 "ui-priority": 1
 },
+ "link": {
+ "description": "Link to the report mentioned",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 100
+ },
 "report-file(s)": {
 "description": "Attachment(s) that is related to the report",
 "misp-attribute": "attachment",
@@ -30,8 +36,9 @@
 "meta-category": "misc",
 "name": "report",
 "required": [
- "summary"
+ "summary",
+ "link"
 ],
 "uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/splunk/definition.json b/objects/splunk/definition.json
index fb0c9cd..db96a6b 100644
--- a/objects/splunk/definition.json
+++ b/objects/splunk/definition.json
@@ -46,6 +46,7 @@
 "description": "Search / Correlation search",
 "disable_correlation": true,
 "misp-attribute": "text",
+ "multiple": true,
 "ui-priority": 0
 }
 },
@@ -56,5 +57,5 @@
 "search"
 ],
 "uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/telegram-account/definition.json b/objects/telegram-account/definition.json
new file mode 100644
index 0000000..b485d46
--- /dev/null
+++ b/objects/telegram-account/definition.json
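Review bot: The value added to the regexp type list, `"FCRE (Farsight Compatible Regular Expressions)"`, carries the expansion of the acronym inside the value itself, unlike the short identifiers next to it (`"PCRE"`, `"POSIX ERE"`). Any consumer that selects a regex engine by comparing this field then has to match the whole phrase, and a later rewording would silently break that match. Consider `"FCRE"` as the value, with the expansion moved into the attribute's description. The list and its enclosing attribute start outside the hunk.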
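Review bot: Adding `"link"` to `required` in the `@@ -30,8 +36,9 @@` hunk of objects/report makes every report object need both a summary and a link, assuming `required` means that all listed attributes must be present. Reports that exist only as an attachment or an internal document, and objects created under version 1 with a summary alone, would then no longer match the template. If the intent is that either is enough, use `"requiredOneOf": ["summary", "link"]` instead of extending `required`. Separately, `"ui-priority": 100` on `link` in the `@@ -9,6 +9,12 @@` hunk is far above the 0 to 2 values used by the other attributes on this page and is worth confirming.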
@@ -0,0 +1,45 @@
+{
+ "attributes": {
+ "first_name": {
+ "description": "First name",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Telegram user identifier",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "last_name": {
+ "description": "Last name",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "phone": {
+ "description": "Phone associated with the telegram user",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "username": {
+ "description": "Telegram username",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "verified": {
+ "description": "Verified",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "Information related to a telegram account",
+ "meta-category": "misc",
+ "name": "telegram-account",
+ "requiredOneOf": [
+ "id",
+ "phone",
+ "username"
+ ],
+ "uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c",
+ "version": 2
+}
\ No newline at end of file
diff --git a/objects/url/definition.json b/objects/url/definition.json
index b456cc0..9795574 100644
--- a/objects/url/definition.json
+++ b/objects/url/definition.json
@@ -35,6 +35,7 @@
 "ip": {
 "description": "Better type when the host is an IP.",
 "misp-attribute": "ip-dst",
+ "multiple": true,
 "ui-priority": 0
 },
 "last-seen": {
@@ -105,5 +106,5 @@
 "resource_path"
 ],
 "uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
- "version": 8
+ "version": 9
 }
\ No newline at end of file
diff --git a/objects/virustotal-report/definition.json b/objects/virustotal-report/definition.json
index 0a85f4c..b69e256 100644
--- a/objects/virustotal-report/definition.json
+++ b/objects/virustotal-report/definition.json
@@ -5,6 +5,7 @@
 "External analysis"
 ],
 "description": "Comment related to this hash",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "multiple": true,
 "ui-priority": 2
@@ -32,6 +33,7 @@
 "Other"
 ],
 "description": "First Submission",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
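Review bot: In the new telegram-account template, `first_name`, `last_name` and `verified` are plain `text` attributes without `disable_correlation`, so common given names and the literal verified value will correlate unrelated events and bury the useful pivots (`id`, `username`, `phone`). Suggest adding `"disable_correlation": true` to those three attributes, typing `verified` as `boolean`, and typing `phone` as `phone-number` instead of free text. The description `"Verified"` also does not say what was verified or by whom. The template is introduced at `"version": 2` although the file is new.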
@@ -40,6 +42,7 @@
 "Other"
 ],
 "description": "Last Submission",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
@@ -48,6 +51,7 @@
 "External analysis"
 ],
 "description": "Permalink Reference",
+ "disable_correlation": true,
 "misp-attribute": "link",
 "ui-priority": 2
 }
@@ -59,5 +63,5 @@
 "permalink"
 ],
 "uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
- "version": 3
+ "version": 4
 }
\ No newline at end of file
diff --git a/objects/windows-service/definition.json b/objects/windows-service/definition.json
new file mode 100644
index 0000000..f3e2cee
--- /dev/null
+++ b/objects/windows-service/definition.json
@@ -0,0 +1,92 @@
+{
+ "attributes": {
+ "comment": {
+ "description": "Additional comments.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "display": {
+ "description": "Display name/information of the service.",
+ "misp-attribute": "windows-service-displayname",
+ "ui-priority": 0
+ },
+ "group": {
+ "description": "Group to which the system/driver belong to.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Base",
+ "Boot Bus Extender",
+ "Boot File System",
+ "Cryptography",
+ "Extended base",
+ "Event Log",
+ "Filter",
+ "FSFilter Bottom",
+ "FSFilter Infrastructure",
+ "File System",
+ "FSFilter Virtualization",
+ "Keyboard Port",
+ "Network",
+ "NDIS",
+ "Parallel arbitrator",
+ "Pointer Port",
+ "PnP Filter",
+ "ProfSvc_Group",
+ "PNP_TDI",
+ "SCSI Miniport",
+ "SCSI CDROM Class",
+ "System Bus Extender",
+ "Video Save",
+ "other"
+ ],
+ "ui-priority": 0
+ },
+ "image-path": {
+ "description": "Path of the service/drive",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "name": {
+ "description": "name of the service",
+ "misp-attribute": "windows-service-name",
+ "ui-priority": 0
+ },
+ "start": {
+ "description": "When the service/driver starts or executes.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Boot start",
+ "System start",
+ "Auto start",
+ "Manual",
+ "Disabled"
+ ],
+ "ui-priority": 0
+ },
+ "type": {
+ "description": "Service/driver type.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Kernel driver",
+ "File system driver",
+ "Own process",
+ "Share process",
+ "Interactive",
+ "Other"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Windows service and detailed about a service running a Windows operating system",
+ "meta-category": "misc",
+ "name": "windows-service",
+ "required": [
+ "name"
+ ],
+ "uuid": "7598cc63-7ba3-4d0a-91c0-b875c6013035",
+ "version": 1
+}
\ No newline at end of file
diff --git a/relationships/definition.json b/relationships/definition.json
index 909ca87..40773de 100644
--- a/relationships/definition.json
+++ b/relationships/definition.json
@@ -1042,6 +1042,13 @@
 ],
 "name": "extends"
 },
+ {
+ "description": "Reprensents an object which writes towards another object or attribute",
+ "format": [
+ "misp"
+ ],
+ "name": "writes"
+ },
 {
 "description": "Represents the semantic link of an asn object being ranked with a bgp-ranking object",
 "format": [
@@ -1143,5 +1150,5 @@
 "name": "doxed-by"
 }
 ],
- "version": 21
+ "version": 22
 }
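Review bot: Several description strings in the new windows-service template are unclear: `image-path` says "Path of the service/drive" (presumably "driver"), `group` says "Group to which the system/driver belong to.", and the object description "Windows service and detailed about a service running a Windows operating system" does not parse. Suggest `"description": "Path of the service/driver binary"` for `image-path` and `"description": "Windows service and details about a service running on a Windows operating system"` for the object. Since `image-path` is the field most likely to be used when hunting service-based persistence, its description should also state whether command-line arguments are expected in the value. The `sane_default` lists mix `"other"` (in `group`) with `"Other"` (in `type`); pick one casing.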
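Review bot: The description of the new `writes` relationship in the `@@ -1042,6 +1042,13 @@` hunk has a typo, `Reprensents`, which will appear wherever the relationship list is displayed or searched. It should read `"description": "Represents an object which writes towards another object or attribute"`, matching the spelling of the neighbouring entry visible in the same hunk. The relationship array starts and ends outside the hunk.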