Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2

spearphishing-objects-v2
pull/372/head
Alexandre Dulaunoy 2022-08-26 08:53:49 +02:00 committed by GitHub
commit 3abfb19982
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 2 deletions

View File

@ -3,26 +3,31 @@
"artifact-dropped-md5": {
"description": "The MD5 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "md5",
"multiple": true,
"ui-priority": 1
},
"artifact-dropped-name": {
"description": "Name of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "filename",
"multiple": true,
"ui-priority": 0
},
"artifact-dropped-sha1": {
"description": "The SHA1 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "sha1",
"multiple": true,
"ui-priority": 1
},
"artifact-dropped-sha256": {
"description": "The SHA256 of an additional file that was either extracted from or downloaded by the attachment.",
"misp-attribute": "sha256",
"multiple": true,
"ui-priority": 1
},
"attachment-md5": {
"description": "The MD5 of the file that was attached to the e-mail itself.",
"misp-attribute": "md5",
"multiple": true,
"ui-priority": 1
},
"attachment-name": {
@ -33,26 +38,31 @@
"attachment-sha1": {
"description": "The SHA1 of the file that was attached to the e-mail itself.",
"misp-attribute": "sha1",
"multiple": true,
"ui-priority": 1
},
"attachment-sha256": {
"description": "The SHA256 of the file that was attached to the e-mail itself.",
"misp-attribute": "sha256",
"multiple": true,
"ui-priority": 1
},
"c2-domain": {
"description": "Command and control domain detected during analysis.",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"c2-ip": {
"description": "Command and control IP address detected during analysis.",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1
},
"c2-url": {
"description": "Command and control URL detected during analysis.",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 1
},
"date": {
@ -64,26 +74,31 @@
"email-sender": {
"description": "The source address from which the e-mail was sent.",
"misp-attribute": "email-src",
"multiple": true,
"ui-priority": 1
},
"malicious-url": {
"description": "Malicious URL that downloaded additional malware.",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 1
},
"research-links": {
"description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"sender-ip": {
"description": "The source IP from which the e-mail was sent.",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1
},
"subject": {
"description": "The subject line of the e-mail.",
"misp-attribute": "email-subject",
"multiple": true,
"ui-priority": 1
},
"supporting-evidence": {
@ -105,5 +120,5 @@
"attachment-sha256"
],
"uuid": "5dfcd9a9-d10c-48ae-9ba4-13c2428a994a",
"version": 20220520
"version": 20220825
}

View File

@ -9,31 +9,37 @@
"email-sender": {
"description": "The source address from which the e-mail was sent.",
"misp-attribute": "email-src",
"multiple": true,
"ui-priority": 1
},
"embedded-link": {
"description": "The malicious URL in the e-mail body.",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 1
},
"redirect-url": {
"description": "The redirect URL, if any, from the malicious embedded link.",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"research-links": {
"description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"sender-ip": {
"description": "The source IP from which the e-mail was sent.",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1
},
"subject": {
"description": "The subject line of the e-mail.",
"misp-attribute": "email-subject",
"multiple": true,
"ui-priority": 1
},
"supporting-evidence": {
@ -51,5 +57,5 @@
"embedded-link"
],
"uuid": "4e758e53-6c84-47b0-a19b-362f587059e2",
"version": 20220520
"version": 20220825
}