From ce20ea05fe4aad4f670bc105fad0dfc6ff68d986 Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 14:08:19 -0500 Subject: [PATCH 1/6] chg: [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description --- objects/blog/definition.json | 10 ++++++++-- objects/forged-document/definition.json | 9 ++++++++- objects/leaked-document/definition.json | 9 ++++++++- objects/meme-image/definition.json | 8 +++++++- objects/microblog/definition.json | 8 +++++++- 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/objects/blog/definition.json b/objects/blog/definition.json index b471525..97980b6 100644 --- a/objects/blog/definition.json +++ b/objects/blog/definition.json @@ -9,7 +9,7 @@ "misp-attribute": "text" }, "title": { - "description": "Raw post.", + "description": "Title of blog post.", "ui-priority": 1, "misp-attribute": "text" }, @@ -23,6 +23,12 @@ "ui-priority": 1, "misp-attribute": "link" }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, "type": { "description": "Type of blog post.", "ui-priority": 1, @@ -88,7 +94,7 @@ "misp-attribute": "text" } }, - "version": 12, + "version": 13, "description": "Blog post like Medium or WordPress.", "meta-category": "misc", "uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1", diff --git a/objects/forged-document/definition.json b/objects/forged-document/definition.json index 5ed512e..66edaad 100644 --- a/objects/forged-document/definition.json +++ b/objects/forged-document/definition.json @@ -29,6 +29,7 @@ "ui-priority": 1, "misp-attribute": "text", "disable_correlation": true, + "multiple": true, "sane_default": [ "email", "letterhead", 
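Review bot: The `archive` description added to the blog template in the `@@ -23,6 +23,12 @@` hunk calls the post "the original document", wording that fits forged-document and leaked-document but not a blog post. The same sentence is reused in the meme-image and microblog `archive` hunks of this patch. An analyst choosing between `link` and `archive` gets clearer guidance from object-specific text such as `"description": "Archived copy of the blog post (Internet Archive, Archive.is, etc).",`, with matching wording for the meme and the microblog post.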
@@ -66,6 +67,12 @@ "ui-priority": 1, "misp-attribute": "link" }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, "objective": { "description": "Objective of the forged document.", "ui-priority": 1, @@ -92,7 +99,7 @@ "misp-attribute": "datetime" } }, - "version": 5, + "version": 6, "description": "Object describing a forged document.", "meta-category": "file", "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21", diff --git a/objects/leaked-document/definition.json b/objects/leaked-document/definition.json index 88fc133..6adf927 100644 --- a/objects/leaked-document/definition.json +++ b/objects/leaked-document/definition.json @@ -34,6 +34,7 @@ "ui-priority": 1, "misp-attribute": "text", "disable_correlation": true, + "multiple": true, "sane_default": [ "email", "letterhead", @@ -71,6 +72,12 @@ "ui-priority": 1, "misp-attribute": "link" }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, "objective": { "description": "Reason for leaking the document.", "ui-priority": 1, @@ -98,7 +105,7 @@ "misp-attribute": "datetime" } }, - "version": 5, + "version": 6, "description": "Object describing a leaked document.", "meta-category": "file", "uuid": "ea145ecd-b3c2-4f57-ac11-c16e883c4247", diff --git a/objects/meme-image/definition.json b/objects/meme-image/definition.json index eb59d9f..edb88ec 100644 --- a/objects/meme-image/definition.json +++ b/objects/meme-image/definition.json @@ -66,6 +66,12 @@ "ui-priority": 1, "misp-attribute": "link" }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, "objective": { "description": "Objective of the meme.", "ui-priority": 1, 
@@ -92,7 +98,7 @@ "misp-attribute": "datetime" } }, - "version": 5, + "version": 6, "description": "Object describing a meme (image).", "meta-category": "file", "uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6", diff --git a/objects/microblog/definition.json b/objects/microblog/definition.json index 309c11e..c5e2f89 100644 --- a/objects/microblog/definition.json +++ b/objects/microblog/definition.json @@ -19,6 +19,12 @@ "misp-attribute": "link", "to_ids": false }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, "type": { "description": "Type of the microblog post", "ui-priority": 1, @@ -103,7 +109,7 @@ "multiple": true } }, - "version": 12, + "version": 13, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", From 804e2116ce5283f76657eb466a8b2e7a03e9928f Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 16:36:56 -0500 Subject: [PATCH 2/6] chg: [microblog] add attachment field for issue #186 --- objects/microblog/definition.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/objects/microblog/definition.json b/objects/microblog/definition.json index c5e2f89..4a636b1 100644 --- a/objects/microblog/definition.json +++ b/objects/microblog/definition.json @@ -25,6 +25,11 @@ "multiple": true, "misp-attribute": "link" }, + "attachment": { + "description": "The microblog post file or screen capture.", + "ui-priority": 1, + "misp-attribute": "attachment" + }, "type": { "description": "Type of the microblog post", "ui-priority": 1, @@ -109,7 +114,7 @@ "multiple": true } }, - "version": 13, + "version": 14, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", 
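Review bot: In the microblog `@@ -19,6 +19,12 @@` hunk the new `archive` attribute omits the `"to_ids": false` that the `link`-typed attribute in the context lines just above it sets explicitly. Archive URLs point at third-party archiving services and should not be treated as indicators, so stating that in the template keeps the two `link`-typed fields consistent instead of relying on the type's default. Suggested addition inside the `archive` block: `"to_ids": false`. The attribute above it starts outside the hunk, so its name is not visible here.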
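Review bot: The `attachment` description added in the `@@ -25,6 +25,11 @@` hunk ("The microblog post file or screen capture.") does not say what kind of file belongs there. As far as I know, `attachment` values are stored and offered for download as-is, unlike `malware-sample`, so the type suits benign evidence only. A values list of this object (extended in patch 5/6) includes "Malicious", so the text should steer analysts, for example `"description": "Screen capture or benign media file of the microblog post; store hostile files as malware-sample instead.",`. This is a documentation change only.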
From 8fa0166b24d5c8ef2ff2d30980baa560f477758d Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 16:41:40 -0500 Subject: [PATCH 3/6] chg: [microblog] allow multiple attachments per the enhancement request --- objects/microblog/definition.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/objects/microblog/definition.json b/objects/microblog/definition.json index 4a636b1..0fb5251 100644 --- a/objects/microblog/definition.json +++ b/objects/microblog/definition.json @@ -28,6 +28,7 @@ "attachment": { "description": "The microblog post file or screen capture.", "ui-priority": 1, + "multiple": true, "misp-attribute": "attachment" }, "type": { @@ -114,7 +115,7 @@ "multiple": true } }, - "version": 14, + "version": 15, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", From 4c4a3aabe5137582b8dd4110d1cfb71f39d8367c Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 19:57:39 -0500 Subject: [PATCH 4/6] new: [objects] news-agency, news-media --- objects/news-agency/definition.json | 73 ++++++++++++++++ objects/news-media/definition.json | 127 ++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+) create mode 100644 objects/news-agency/definition.json create mode 100644 objects/news-media/definition.json diff --git a/objects/news-agency/definition.json b/objects/news-agency/definition.json new file mode 100644 index 0000000..9df81c2 --- /dev/null +++ b/objects/news-agency/definition.json 
@@ -0,0 +1,73 @@ +{ + "requiredOneOf": [ + "name", + "alias" + ], + "attributes": { + "name": { + "description": "Name of the news agency.", + "disable_correlation": false, + "ui-priority": 100, + "misp-attribute": "text" + }, + "alias": { + "description": "Alias of the news agency.", + "ui-priority": 99, + "misp-attribute": "text", + "multiple": true + }, + "archive": { + "description": "Archive of the original document (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, + "attachment": { + "description": "The news file, screen capture, audio, etc.", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "attachment" + }, + "url": { + "description": "Original URL location of the news agency (potentially malicious).", + "ui-priority": 1, + "misp-attribute": "url", + "multiple": true + }, + "link": { + "description": "Original link to the news agency (Supposed harmless).", + "ui-priority": 1, + "misp-attribute": "link", + "multiple": true + }, + "phone-number": { + "description": "Phone number of the news agency.", + "ui-priority": 10, + "misp-attribute": "phone-number", + "multiple": true + }, + "fax-number": { + "description": "Fax number of the news agency.", + "ui-priority": 10, + "misp-attribute": "phone-number", + "multiple": true + }, + "address": { + "description": "Postal address of the news agency.", + "ui-priority": 10, + "misp-attribute": "text", + "multiple": true + }, + "e-mail": { + "description": "Email address of the organization.", + "ui-priority": 10, + "misp-attribute": "email-src", + "multiple": true + } + }, + "version": 1, + "description": "News agencies compile news and disseminate news in bulk.", + "meta-category": "misc", + "uuid": "92b3f7fd-c4bc-42af-a73b-033ace439622", + "name": "news-agency" +} diff --git a/objects/news-media/definition.json b/objects/news-media/definition.json new file mode 100644 index 0000000..10bd39d --- /dev/null +++ b/objects/news-media/definition.json 
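Review bot: The `e-mail` attribute at the end of the new news-agency template is typed `email-src`, and its description still reads "Email address of the organization.", which looks copied from another template. `email-src` is normally read as the sender address of a message, and unless the template overrides it the type's default may flag the value for IDS export, so a legitimate agency's contact address could end up in detection feeds. Consider `"description": "Email address of the news agency.",` together with `"to_ids": false` in that block. The `e-mail` attribute in news-media (the next file in this patch) has the same typing, and the `url` attributes of both templates deserve the same look, since they record a news site's own address.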
@@ -0,0 +1,127 @@ +{ + "requiredOneOf": [ + "source", + "alias" + ], + "attributes": { + "source": { + "description": "Name of the news source.", + "disable_correlation": false, + "ui-priority": 100, + "misp-attribute": "text" + }, + "alias": { + "description": "Alias of the news source.", + "ui-priority": 99, + "misp-attribute": "text", + "multiple": true + }, + "content": { + "description": "Raw content of the news.", + "ui-priority": 1, + "misp-attribute": "text" + }, + "transcription": { + "description": "Transcribed audio/visual content.", + "ui-priority": 1, + "misp-attribute": "text" + }, + "title": { + "description": "Title of the post.", + "ui-priority": 1, + "misp-attribute": "text" + }, + "archive": { + "description": "Archive of the news (Internet Archive, Archive.is, etc).", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "link" + }, + "attachment": { + "description": "The news file, screen capture, audio, etc.", + "ui-priority": 1, + "multiple": true, + "misp-attribute": "attachment" + }, + "type": { + "description": "Type of news media (newspaper, TV, podcast, etc).", + "ui-priority": 1, + "misp-attribute": "text", + "disable_correlation": true, + "multiple": true, + "sane_default": [ + "Newspaper", + "Newspaper (Online)", + "Magazine", + "Magazine (Online)", + "TV", + "Tube", + "Radio", + "Radio (Online)", + "Podcast", + "Alternative Media", + "Other" + ] + }, + "sub-type": { + "misp-attribute": "text", + "ui-priority": 0, + "description": "Format of the news post (business daily, local news, metasite, etc).", + "disable_correlation": true, + "values_list": [ + "Business Daily", + "Local News", + "State News", + "National News", + "Metasite", + "Political Commentary", + "Clipper", + "Pressure Group", + "Staging", + "Trade Site", + "Other" + ] + }, + "url": { + "description": "Original URL location of news (potentially malicious).", + "ui-priority": 1, + "misp-attribute": "url", + "multiple": true + }, + "link": { + "description": 
"Original link to news (Supposed harmless).", + "ui-priority": 1, + "misp-attribute": "link", + "multiple": true + }, + "phone-number": { + "description": "Phone number of the news source.", + "ui-priority": 10, + "misp-attribute": "phone-number", + "multiple": true + }, + "fax-number": { + "description": "Fax number of the news source.", + "ui-priority": 10, + "misp-attribute": "phone-number", + "multiple": true + }, + "address": { + "description": "Postal address of the news source.", + "ui-priority": 10, + "misp-attribute": "text", + "multiple": true + }, + "e-mail": { + "description": "Email address of the news source.", + "ui-priority": 10, + "misp-attribute": "email-src", + "multiple": true + } + }, + "version": 1, + "description": "News media are forms of mass media deliverings news to the general public.", + "meta-category": "misc", + "uuid": "691463c5-5302-4847-9bec-4c56ccfec677", + "name": "news-media" +} From 329d92162c85254de6ed0a4eda5835efc235fb96 Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 21:31:06 -0500 Subject: [PATCH 5/6] chg: [object fields] add forged-document types, add microblog state --- objects/forged-document/definition.json | 4 +++- objects/microblog/definition.json | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/objects/forged-document/definition.json b/objects/forged-document/definition.json index 66edaad..f8a8f7a 100644 --- a/objects/forged-document/definition.json +++ b/objects/forged-document/definition.json @@ -35,6 +35,8 @@ "letterhead", "speech", "literature", + "blog", + "microblog", "photo", "audio", "invoice", @@ -99,7 +101,7 @@ "misp-attribute": "datetime" } }, - "version": 6, + "version": 7, "description": "Object describing a forged document.", "meta-category": "file", "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21", diff --git a/objects/microblog/definition.json b/objects/microblog/definition.json index 0fb5251..cb825fe 100644 --- a/objects/microblog/definition.json 
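Review bot: The top-level description at the end of the new news-media template contains a typo that will be shown to users: "deliverings news" should read `"description": "News media are forms of mass media delivering news to the general public.",`. In the same hunk the `type` suggestions include "Tube", which is not self-explanatory (presumably an online video platform) and would be better spelled out. `type` uses `sane_default` while `sub-type` uses `values_list`; if `values_list` restricts input to the listed entries, as I understand it, analysts with an unlisted format can only pick "Other", so confirm the difference is intended.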
+++ b/objects/microblog/definition.json @@ -55,6 +55,8 @@ "values_list": [ "Informative", "Malicious", + "Misinformation", + "Disinformation", "Unknown" ] }, @@ -115,7 +117,7 @@ "multiple": true } }, - "version": 15, + "version": 16, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", From e4d217172e98ab29f24d374ce5c731ee6e0e3444 Mon Sep 17 00:00:00 2001 From: VVX7 Date: Thu, 30 Jan 2020 21:51:56 -0500 Subject: [PATCH 6/6] chg: [object field] add link for user-account page --- objects/user-account/definition.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/objects/user-account/definition.json b/objects/user-account/definition.json index 203bb28..2f68dbb 100644 --- a/objects/user-account/definition.json +++ b/objects/user-account/definition.json @@ -3,7 +3,7 @@ "uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3", "meta-category": "misc", "description": "", - "version": 1, + "version": 2, "requiredOneOf": [ "password", "username", @@ -54,6 +54,11 @@ "windows-domain" ] }, + "link": { + "description": "Original link into the account page (Supposed harmless)", + "ui-priority": 1, + "misp-attribute": "link" + }, "is_service_account": { "description": "Specifies if the account is associated with a network service.", "disable_correlation": true,
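Review bot: The `link` description added to user-account in the `@@ -54,6 +54,11 @@` hunk reads "Original link into the account page (Supposed harmless)" and lacks the final period used by most other descriptions in this series; `"description": "Original link to the account page (supposed harmless).",` reads better. The first hunk of the same file shows the object's own `"description": ""` still empty while the version is bumped to 2, so this would be a good moment to fill it in. The context lines list `password` in `requiredOneOf`, so a one-line statement of what the object is for would help analysts judge what is appropriate to record and share.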