diff --git a/objects/c2-list/definition.json b/objects/c2-list/definition.json new file mode 100644 index 0000000..b47ea30 --- /dev/null +++ b/objects/c2-list/definition.json @@ -0,0 +1,40 @@ +{ + "attributes": { + "c2": { + "categories": [ + "Network activity" + ], + "description": "IP:Port of C2 server", + "misp-attribute": "ip-src|port", + "multiple": true, + "ui-priority": 1 + }, + "report-url": { + "description": "URL of source of information, e.g. blog post, ransomware analysis", + "disable_correlation": true, + "misp-attribute": "link", + "multiple": true, + "ui-priority": 1 + }, + "threat": { + "categories": [ + "Attribution", + "Payload type" + ], + "description": "threat actor or malware", + "misp-attribute": "text", + "ui-priority": 1 + } + }, + "description": "List of C2-servers with common ground, e.g. extracted from a blog post or ransomware analysis", + "meta-category": "network", + "name": "c2-list", + "required": [ + "threat" + ], + "requiredOneOf": [ + "c2" + ], + "uuid": "12456351-ceb7-4d43-9a7e-d2275d8b5785", + "version": 20230919 +} \ No newline at end of file