Merge pull request #228 from VVX7/master

new: [objects] instant message objects
2020-02-09 17:47:12 +01:00 · 2020-02-09 17:47:12 +01:00 · 6c7a8f4524
parent 3ba77c9d2c 1a40095f1a
commit 6c7a8f4524
2 changed files with 193 additions and 0 deletions
--- a/objects/instant-message-group/definition.json
+++ b/objects/instant-message-group/definition.json
@ -0,0 +1,80 @@
+{
+  "requiredOneOf": [
+    "group-name",
+    "group-alias",
+    "archive",
+    "attachment"
+  ],
+  "attributes": {
+    "group-name": {
+      "description": "The name of the group, channel or community.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "group-alias": {
+      "description": "Aliases of group, channel or community.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "text"
+    },
+    "app-used": {
+      "description": "The IM application used to send the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "multiple": true,
+      "sane_default": [
+        "WhatsApp",
+        "Google Hangouts",
+        "Facebook Messenger",
+        "Telegram",
+        "Signal",
+        "WeChat",
+        "BlackBerry Messenger",
+        "TeamSpeak",
+        "TorChat",
+        "RetroShare",
+        "Slack"
+      ]
+    },
+    "username": {
+      "description": "A user account who is a member of the group.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "person-name": {
+      "description": "A person who is a member of the group.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "url": {
+      "description": "Original URL location of the group (potentially malicious).",
+      "ui-priority": 1,
+      "misp-attribute": "url"
+    },
+    "link": {
+      "description": "Original link into the group (Supposed harmless).",
+      "ui-priority": 1,
+      "misp-attribute": "link"
+    },
+    "archive": {
+      "description": "Archive of the original group (Internet Archive, Archive.is, etc).",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "link"
+    },
+    "attachment": {
+      "description": "A screen capture or exported list of contacts, group members, etc.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "attachment"
+    }
+  },
+  "version": 1,
+  "description": "Instant Message (IM) group object template describing a public or private IM group, channel or conversation.",
+  "meta-category": "misc",
+  "uuid": "e26becca-2149-4bc0-b3fb-7090d43af28f",
+  "name": "instant-message-group"
+}
--- a/objects/instant-message/definition.json
+++ b/objects/instant-message/definition.json
@ -0,0 +1,113 @@
+{
+  "requiredOneOf": [
+    "body",
+    "from",
+    "from-user"
+  ],
+  "attributes": {
+    "body": {
+      "description": "Message body of the IM.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "from-number": {
+      "description": "Phone number used to send the message.",
+      "ui-priority": 1,
+      "misp-attribute": "phone-number",
+      "multiple": true
+    },
+    "to-number": {
+      "description": "Phone number receiving the message.",
+      "ui-priority": 1,
+      "misp-attribute": "phone-number",
+      "multiple": true
+    },
+    "from-user": {
+      "description": "User account that sent the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "to-user": {
+      "description": "User account that received the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "from-name": {
+      "description": "Name of the person that sent the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "to-name": {
+      "description": "Name of the person that received the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "subject": {
+      "description": "Subject of the message if any.",
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "app-used": {
+      "description": "The IM application used to send the message.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "sane_default": [
+        "WhatsApp",
+        "Google Hangouts",
+        "Facebook Messenger",
+        "Telegram",
+        "Signal",
+        "WeChat",
+        "BlackBerry Messenger",
+        "TeamSpeak",
+        "TorChat",
+        "RetroShare",
+        "Slack"
+      ]
+    },
+    "url": {
+      "description": "Original URL location of the message (potentially malicious).",
+      "ui-priority": 1,
+      "misp-attribute": "url"
+    },
+    "link": {
+      "description": "Original link into the message (Supposed harmless).",
+      "ui-priority": 1,
+      "misp-attribute": "link"
+    },
+    "archive": {
+      "description": "Archive of the original message (Internet Archive, Archive.is, etc).",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "link"
+    },
+    "attachment": {
+      "description": "The message file or screen capture.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "attachment"
+    },
+    "sent-date": {
+      "description": "Initial sent date of the message.",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    },
+    "received-date": {
+      "description": "Received date of the message.",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    }
+  },
+  "version": 1,
+  "description": "Instant Message (IM) object template describing one or more IM message.",
+  "meta-category": "misc",
+  "uuid": "5fa51a24-f40f-4696-a77e-d31e26bab5fc",
+  "name": "instant-message"
+}