diff --git a/objects/blog/definition.json b/objects/blog/definition.json
new file mode 100644
index 0000000..474274b
--- /dev/null
+++ b/objects/blog/definition.json
@@ -0,0 +1,91 @@
+{
+ "requiredOneOf": [
+ "post"
+ ],
+ "attributes": {
+ "post": {
+ "description": "Raw post.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "url": {
+ "description": "Original URL location of the blog post (potentially malicious).",
+ "ui-priority": 1,
+ "misp-attribute": "url"
+ },
+ "link": {
+ "description": "Original link into the blog post (Supposed harmless).",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
+ "type": {
+ "description": "Type of blog post.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "sane_default": [
+ "Medium",
+ "WordPress",
+ "Blogger",
+ "Tumbler",
+ "LiveJournal",
+ "Forum",
+ "Other"
+ ]
+ },
+ "username": {
+ "description": "Username who posted the blog post.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "verified-username": {
+ "description": "Is the username account verified by the operator of the blog platform.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "values_list": [
+ "Verified",
+ "Unverified",
+ "Unknown"
+ ]
+ },
+ "creation-date": {
+ "description": "Initial creation of the blog post.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "modification-date": {
+ "description": "Last update of the blog post.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "embedded-link": {
+ "description": "Site linked by the blog post.",
+ "ui-priority": 0,
+ "misp-attribute": "url",
+ "multiple": true
+ },
+ "embedded-safe-link": {
+ "description": "Safe site linked by the blog post.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ },
+ "removal-date": {
+ "description": "When the blog post was removed.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "username-quoted": {
+ "description": "Username who are quoted into the blog post.",
+ "ui-priority": 0,
+ "multiple": true,
+ "misp-attribute": "text"
+ }
+ },
+ "version": 11,
+ "description": "Blog post like Medium or WordPress.",
+ "meta-category": "misc",
+ "uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1",
+ "name": "blog"
+}
diff --git a/objects/forged-document/definition.json b/objects/forged-document/definition.json
new file mode 100644
index 0000000..5ed512e
--- /dev/null
+++ b/objects/forged-document/definition.json
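Review bot: In objects/blog/definition.json, `embedded-link` maps to the `url` type and `embedded-safe-link` to `link`, but unlike the top-level `url`/`link` pair its description does not say which one is meant for potentially malicious destinations. I would make that explicit, e.g. `"description": "Site linked by the blog post (potentially malicious)."`, so an analyst does not file an unsafe destination under `link`, which MISP appears to treat as reference material rather than a detection indicator by default (worth confirming against the attribute type defaults). Separately, `"Tumbler"` in the `type` sane_default list looks like a misspelling of `"Tumblr"`, and a suggested value is carried verbatim into stored attribute values that people later search and filter on.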
@@ -0,0 +1,100 @@
+{
+ "requiredOneOf": [
+ "document-name",
+ "attachment",
+ "document-text"
+ ],
+ "attributes": {
+ "purpose-of-document": {
+ "description": "What the document is used for.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Identification",
+ "Travel",
+ "Health",
+ "Legal",
+ "Financial",
+ "Government",
+ "Military",
+ "Media",
+ "Communication",
+ "Other"
+ ]
+ },
+ "document-type": {
+ "description": "The type of document (not the file type).",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "sane_default": [
+ "email",
+ "letterhead",
+ "speech",
+ "literature",
+ "photo",
+ "audio",
+ "invoice",
+ "receipt",
+ "other"
+ ]
+ },
+ "attachment": {
+ "description": "The forged document file.",
+ "ui-priority": 1,
+ "misp-attribute": "attachment"
+ },
+ "document-name": {
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "description": "Title of the document."
+ },
+ "document-text": {
+ "description": "Raw text of document",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "url": {
+ "description": "Original URL location of the document (potentially malicious)",
+ "ui-priority": 1,
+ "misp-attribute": "url"
+ },
+ "link": {
+ "description": "Original link into the document (Supposed harmless)",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
+ "objective": {
+ "description": "Objective of the forged document.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Disinformation",
+ "Advertising",
+ "Parody",
+ "Other"
+ ]
+ },
+ "last-seen": {
+ "description": "When the document has been accessible or seen for the last time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "first-seen": {
+ "description": "When the document has been accessible or seen for the first time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 5,
+ "description": "Object describing a forged document.",
+ "meta-category": "file",
+ "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
+ "name": "forged-document"
+}
diff --git a/objects/leaked-document/definition.json b/objects/leaked-document/definition.json
new file mode 100644
index 0000000..ad6f178
--- /dev/null
+++ b/objects/leaked-document/definition.json
@@ -0,0 +1,106 @@
+{
+ "requiredOneOf": [
+ "document-name",
+ "attachment",
+ "document-text"
+ ],
+ "attributes": {
+ "origin": {
+ "description": "Original source of leaked document.",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "purpose-of-document": {
+ "description": "What the document is used for.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Identification",
+ "Travel",
+ "Health",
+ "Legal",
+ "Financial",
+ "Government",
+ "Military",
+ "Media",
+ "Communication",
+ "Other"
+ ]
+ },
+ "document-type": {
+ "description": "The type of document (not the file type).",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "sane_default": [
+ "email",
+ "letterhead",
+ "speech",
+ "literature",
+ "photo",
+ "audio",
+ "invoice",
+ "receipt",
+ "other"
+ ]
+ },
+ "attachment": {
+ "description": "The leaked document file.",
+ "ui-priority": 1,
+ "misp-attribute": "attachment"
+ },
+ "document-name": {
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "description": "Title of the document."
+ },
+ "document-text": {
+ "description": "Raw text of document",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "url": {
+ "description": "Original URL location of the document (potentially malicious)",
+ "ui-priority": 1,
+ "misp-attribute": "url"
+ },
+ "link": {
+ "description": "Original link into the document (Supposed harmless)",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
+ "objective": {
+ "description": "Reason for leaking the document.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Disinformation",
+ "Influence",
+ "Whistleblowing",
+ "Extortion",
+ "Other"
+ ]
+ },
+ "last-seen": {
+ "description": "When the document has been accessible or seen for the last time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "first-seen": {
+ "description": "When the document has been accessible or seen for the first time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 5,
+ "description": "Object describing a leaked document.",
+ "meta-category": "file",
+ "uuid": "ea145ecd-b3c2-4f57-ac11-c16e883c4247",
+ "name": "leaked-document"
+}
diff --git a/objects/meme-image/definition.json b/objects/meme-image/definition.json
new file mode 100644
index 0000000..122c7c8
--- /dev/null
+++ b/objects/meme-image/definition.json
@@ -0,0 +1,100 @@
+{
+ "requiredOneOf": [
+ "attachment",
+ "document-text"
+ ],
+ "attributes": {
+ "username": {
+ "description": "Username who posted the meme.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "5Ds-of-propaganda": {
+ "description": "5 D's of propaganda are tactics of rebuttal used to defend against criticism and adversarial narratives.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "values_list": [
+ "dismiss",
+ "distort",
+ "distract",
+ "dismay",
+ "divide"
+ ]
+ },
+ "attachment": {
+ "description": "The image file.",
+ "ui-priority": 1,
+ "misp-attribute": "attachment"
+ },
+ "document-text": {
+ "description": "Raw text of meme",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "meme-reference": {
+ "description": "A link to know-your-meme or similar reference material.",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
+ "a/b-test": {
+ "description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ },
+ "crosspost": {
+ "description": "Safe site where the meme has been posted.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ },
+ "crosspost-unsafe": {
+ "description": "Unsafe site where the meme has been posted.",
+ "ui-priority": 0,
+ "misp-attribute": "url",
+ "multiple": true
+ },
+ "url": {
+ "description": "Original URL location of the meme (potentially malicious)",
+ "ui-priority": 1,
+ "misp-attribute": "url"
+ },
+ "link": {
+ "description": "Original link into the meme (Supposed harmless)",
+ "ui-priority": 1,
+ "misp-attribute": "link"
+ },
+ "objective": {
+ "description": "Objective of the meme.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true,
+ "sane_default": [
+ "Disinformation",
+ "Advertising",
+ "Parody",
+ "Other"
+ ]
+ },
+ "last-seen": {
+ "description": "When the meme has been accessible or seen for the last time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "first-seen": {
+ "description": "When the meme has been accessible or seen for the first time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 5,
+ "description": "Object describing a meme (image).",
+ "meta-category": "file",
+ "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
+ "name": "forged-document"
+}
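Review bot: The trailer of objects/meme-image/definition.json still carries the forged-document identity: `"uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21"` and `"name": "forged-document"` are identical to the values in objects/forged-document/definition.json added by this same diff. Consumers cannot tell apart two templates that share a uuid and name, so one is likely to shadow or overwrite the other on import, and meme objects would then be stored and shared under the wrong object type. The trailer should read `"name": "meme-image"` with a freshly generated identifier in place of the copied one, `"uuid": "<NEW-UUID-PLACEHOLDER>"`. `"version": 5` on a newly added file also looks copied and is worth checking.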