MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

allow multiple of certain types. bump version

pull/370/head
goodlandsecurity 2022-08-25 15:56:36 -05:00
parent df5f9921df
commit 26c2767228
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
objects/spearphishing-attachment/definition.json
View File

@ -3,26 +3,31 @@
"artifact-dropped-md5": { "artifact-dropped-md5": {
"description": "The MD5 of an additional file that was either extracted from or downloaded by the attachment.", "description": "The MD5 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "md5", "misp-attribute": "md5",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"artifact-dropped-name": { "artifact-dropped-name": {
"description": "Name of an additional file that was either extracted from or downloaded by the attachment.", "description": "Name of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "filename", "misp-attribute": "filename",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
}, },
"artifact-dropped-sha1": { "artifact-dropped-sha1": {
"description": "The SHA1 of an additional file that was either extracted from or downloaded by the attachment.", "description": "The SHA1 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "sha1", "misp-attribute": "sha1",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"artifact-dropped-sha256": { "artifact-dropped-sha256": {
"description": "The SHA256 of an additional file that was either extracted from or downloaded by the attachment.", "description": "The SHA256 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "sha256", "misp-attribute": "sha256",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"attachment-md5": { "attachment-md5": {
"description": "The MD5 of the file that was attached to the e-mail itself.", "description": "The MD5 of the file that was attached to the e-mail itself.",
"misp-attribute": "md5", "misp-attribute": "md5",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"attachment-name": { "attachment-name": {
@ -33,26 +38,31 @@
"attachment-sha1": { "attachment-sha1": {
"description": "The SHA1 of the file that was attached to the e-mail itself.", "description": "The SHA1 of the file that was attached to the e-mail itself.",
"misp-attribute": "sha1", "misp-attribute": "sha1",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"attachment-sha256": { "attachment-sha256": {
"description": "The SHA256 of the file that was attached to the e-mail itself.", "description": "The SHA256 of the file that was attached to the e-mail itself.",
"misp-attribute": "sha256", "misp-attribute": "sha256",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"c2-domain": { "c2-domain": {
"description": "Command and control domain detected during analysis.", "description": "Command and control domain detected during analysis.",
"misp-attribute": "domain", "misp-attribute": "domain",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"c2-ip": { "c2-ip": {
"description": "Command and control IP address detected during analysis.", "description": "Command and control IP address detected during analysis.",
"misp-attribute": "ip-dst", "misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"c2-url": { "c2-url": {
"description": "Command and control URL detected during analysis.", "description": "Command and control URL detected during analysis.",
"misp-attribute": "url", "misp-attribute": "url",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"date": { "date": {
@ -64,26 +74,31 @@
"email-sender": { "email-sender": {
"description": "The source address from which the e-mail was sent.", "description": "The source address from which the e-mail was sent.",
"misp-attribute": "email-src", "misp-attribute": "email-src",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"malicious-url": { "malicious-url": {
"description": "Malicious URL that downloaded additional malware.", "description": "Malicious URL that downloaded additional malware.",
"misp-attribute": "url", "misp-attribute": "url",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"research-links": { "research-links": {
"description": "A link to an external analysis (VirusTotal, urlscan, etc.).", "description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
}, },
"sender-ip": { "sender-ip": {
"description": "The source IP from which the e-mail was sent.", "description": "The source IP from which the e-mail was sent.",
"misp-attribute": "ip-src", "misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"subject": { "subject": {
"description": "The subject line of the e-mail.", "description": "The subject line of the e-mail.",
"misp-attribute": "email-subject", "misp-attribute": "email-subject",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"supporting-evidence": { "supporting-evidence": {
@ -105,5 +120,5 @@
"attachment-sha256" "attachment-sha256"
], ],
"uuid": "5dfcd9a9-d10c-48ae-9ba4-13c2428a994a", "uuid": "5dfcd9a9-d10c-48ae-9ba4-13c2428a994a",
"version": 20220520 "version": 20220825
} }

10
objects/spearphishing-link/definition.json
View File

@ -9,31 +9,37 @@
"email-sender": { "email-sender": {
"description": "The source address from which the e-mail was sent.", "description": "The source address from which the e-mail was sent.",
"misp-attribute": "email-src", "misp-attribute": "email-src",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"embedded-link": { "embedded-link": {
"description": "The malicious URL in the e-mail body.", "description": "The malicious URL in the e-mail body.",
"misp-attribute": "url", "misp-attribute": "url",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"redirect-url": { "redirect-url": {
"description": "The redirect URL, if any, from the malicious embedded link.", "description": "The redirect URL, if any, from the malicious embedded link.",
"misp-attribute": "url", "misp-attribute": "url",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
}, },
"research-links": { "research-links": {
"description": "A link to an external analysis (VirusTotal, urlscan, etc.).", "description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
}, },
"sender-ip": { "sender-ip": {
"description": "The source IP from which the e-mail was sent.", "description": "The source IP from which the e-mail was sent.",
"misp-attribute": "ip-src", "misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"subject": { "subject": {
"description": "The subject line of the e-mail.", "description": "The subject line of the e-mail.",
"misp-attribute": "email-subject", "misp-attribute": "email-subject",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"supporting-evidence": { "supporting-evidence": {
@ -51,5 +57,5 @@
"embedded-link" "embedded-link"
], ],
"uuid": "4e758e53-6c84-47b0-a19b-362f587059e2", "uuid": "4e758e53-6c84-47b0-a19b-362f587059e2",
"version": 20220520 "version": 20220825
} }