chg: [ransomware-group-post] updated with shadowserver object template

format

- underscores replaced with hyphen
- descriptions added
- decorrelation added for some fields
pull/430/head
Alexandre Dulaunoy 2024-04-24 15:19:02 +02:00
parent 16b354c04c
commit 3d78e17c4b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 63 additions and 3 deletions

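--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,7 +1,26 @@
 {
 "attributes": {
+"actor-geo-stats-30d": {
+"description": "actor-geo-stats-30d",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
+"actor-total-stats-30d": {
+"description": "actor-total-stats-30d",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
 "date": {
 "description": "Last update of the post as seen on the ransomware group blog. Different than the first/last seen from the crawling.",
+"disable_correlation": true,
+"misp-attribute": "datetime",
+"ui-priority": 0
+},
+"date-published": {
+"description": "Initial published date of the post on the ransomware group blog.",
+"disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
@@ -10,25 +29,66 @@
 "misp-attribute": "text",
 "ui-priority": 1
 },
+"entity-name": {
+"description": "Entity name of the victim referenced in the post of the ransomware group.",
+"misp-attribute": "text",
+"ui-priority": 1
+},
+"geo": {
+"description": "Geographic (main) location of the victim referenced in the post of the ransomware group.",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
+"leak-site-url": {
+"description": "Link to the post.",
+"misp-attribute": "link",
+"ui-priority": 1
+},
 "link": {
 "description": "Original URL location of the post.",
 "misp-attribute": "link",
 "ui-priority": 1
 },
+"ransomware-group": {
+"description": "Ransomware group where the post is mentioned.",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
+"sector": {
+"description": "Sector (main) of the victim referenced in the post of the ransomware group.",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
+"severity": {
+"description": "Severity of the post mentioned.",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 1
+},
 "title": {
 "description": "Title of blog post.",
 "misp-attribute": "text",
 "ui-priority": 1
+},
+"website": {
+"description": "Website of the victim referenced in the post of the ransomware group.",
+"misp-attribute": "link",
+"ui-priority": 1
 }
 },
-"description": "Ransomware group post as monitored by ransomlook.io",
+"description": "Ransomware group post as monitored by ransomlook.io or others",
 "meta-category": "misc",
 "name": "ransomware-group-post",
 "requiredOneOf": [
 "title",
 "description",
-"link"
+"link",
+"website",
+"leak-site-url"
 ],
 "uuid": "52a0e179-4942-41e6-90f5-7db856fd6f39",
-"version": 1
+"version": 2
 }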
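Review bot: Several of the added descriptions do not tell a producer what belongs in the field: `actor-geo-stats-30d` and `actor-total-stats-30d` use their own key name as the description, and `leak-site-url` (`"Link to the post."`) cannot be told apart from the existing `link` (`"Original URL location of the post."`). Both URL fields are now listed in `requiredOneOf`, so an object is valid with either one, and a consumer that filters on one object relation will miss posts recorded under the other. If `leak-site-url` is meant to hold the leak-site URL as reported by the feed, a description such as `"URL of the post on the ransomware group's leak site as reported by the feed; use link for the original post location."` would separate the two; that meaning is inferred and should be confirmed against the source report format. The two stats attributes need one sentence each stating what is counted and in what format the text value is expected.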