MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Added need/want for decryptor and data deletion

pull/355/head
matthijsvp 2022-05-06 13:25:31 +02:00
parent 33458100e4
commit 7480c51533
1 changed files with 36 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
objects/ransom-negotiation/definition.json
View File

@ -4,97 +4,117 @@
"description": "A cryptocoin wallet address", "description": "A cryptocoin wallet address",
"disable_correlation": false, "disable_correlation": false,
"misp-attribute": "btc", "misp-attribute": "btc",
"ui-priority": 9 "ui-priority": 930
}, },
"time": { "time": {
"description": "Date and time of transaction", "description": "Date and time of transaction",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"ui-priority": 10 "ui-priority": 940
}, },
"initial_ransom": { "initial_ransom": {
"description": "Initial ransom demand in the currency as displayed in field 'currency'", "description": "Initial ransom demand in the currency as displayed in field 'currency'",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 15 "ui-priority": 900
}, },
"final_ransom":{ "final_ransom":{
"description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'", "description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 14 "ui-priority": 980
}, },
"currency":{ "currency":{
"description": "The currency of the initial demand. Often USD or BTC.", "description": "The currency of the initial demand. Often USD or BTC.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 12 "ui-priority": 960
}, },
"value_EUR": { "value_EUR": {
"description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'", "description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 11 "ui-priority": 950
}, },
"annual_revenue_EUR": { "annual_revenue_EUR": {
"description": "Annual revenue of the targeted organisation in EUR", "description": "Annual revenue of the targeted organisation in EUR",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 8 "ui-priority": 920
}, },
"data_stolen": { "data_stolen": {
"description": "Was data exfiltrated in this incident?", "description": "Was data exfiltrated in this incident?",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"ui-priority": 6 "ui-priority": 900
}, },
"data_leaked": { "data_leaked": {
"description": "Was data leaked in this incident?", "description": "Was data leaked in this incident?",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"ui-priority": 5 "ui-priority": 890
}, },
"url_leaksite": { "url_leaksite": {
"description": "URL of the leaksite", "description": "URL of the leaksite",
"disable_correlation": false, "disable_correlation": false,
"misp-attribute": "url", "misp-attribute": "url",
"ui-priority": 4 "ui-priority": 880
}, },
"email_address": { "email_address": {
"description": "Contact address, if any", "description": "Contact address, if any",
"disable_correlation": false, "disable_correlation": false,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 3 "ui-priority": 870
}, },
"Remarks": { "Remarks": {
"description": "Remarks", "description": "Remarks",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 2 "ui-priority": 860
}, },
"percentage_of_revenue": { "percentage_of_revenue": {
"description": "Percentage of the annual revenue that the ransom demand amounts to", "description": "Percentage of the annual revenue that the ransom demand amounts to",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 7 "ui-priority": 910
},
"pay_for_encryptor": {
"description": "Does the target needs/wants to pay for the decryptor",
"disable_correlation": true,
"misp-attribute": "boolean",
"ui-priority": 908,
"sane_default": [
"True",
"False"
],
},
"pay_for_deletion": {
"description": "Does the target needs/wants to pay for data deletion",
"disable_correlation": true,
"misp-attribute": "boolean",
"ui-priority": 906,
"sane_default": [
"True",
"False"
],
}, },
"negotiations_transcript": { "negotiations_transcript": {
"description": "Transcript of the negotiations", "description": "Transcript of the negotiations",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 850
}, },
"negotiations_screenshot": { "negotiations_screenshot": {
"description": "Screenshot of the negotiations", "description": "Screenshot of the negotiations",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "attachment", "misp-attribute": "attachment",
"ui-priority": 0 "ui-priority": 840
}, },
"discount": { "discount": {
"description": "Discount after negotiations", "description": "Discount after negotiations",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 13 "ui-priority": 970
} }
}, },
"description": "An object to describe ransom negotiations, as seen in ransomware incidents.", "description": "An object to describe ransom negotiations, as seen in ransomware incidents.",