mirror of https://github.com/MISP/misp-objects
new: [objects] blog, forged-document, leaked-document, meme-image
parent
9ce275dcf0
commit
84909f1ff2
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"post"
|
||||
],
|
||||
"attributes": {
|
||||
"post": {
|
||||
"description": "Raw post.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the blog post (potentially malicious).",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url"
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link into the blog post (Supposed harmless).",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link"
|
||||
},
|
||||
"type": {
|
||||
"description": "Type of blog post.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"Medium",
|
||||
"WordPress",
|
||||
"Blogger",
|
||||
"Tumbler",
|
||||
"LiveJournal",
|
||||
"Forum",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"username": {
|
||||
"description": "Username who posted the blog post.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"verified-username": {
|
||||
"description": "Is the username account verified by the operator of the blog platform.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"values_list": [
|
||||
"Verified",
|
||||
"Unverified",
|
||||
"Unknown"
|
||||
]
|
||||
},
|
||||
"creation-date": {
|
||||
"description": "Initial creation of the blog post.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"modification-date": {
|
||||
"description": "Last update of the blog post.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"embedded-link": {
|
||||
"description": "Site linked by the blog post.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "url",
|
||||
"multiple": true
|
||||
},
|
||||
"embedded-safe-link": {
|
||||
"description": "Safe site linked by the blog post.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true
|
||||
},
|
||||
"removal-date": {
|
||||
"description": "When the blog post was removed.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"username-quoted": {
|
||||
"description": "Username who are quoted into the blog post.",
|
||||
"ui-priority": 0,
|
||||
"multiple": true,
|
||||
"misp-attribute": "text"
|
||||
}
|
||||
},
|
||||
"version": 11,
|
||||
"description": "Blog post like Medium or WordPress.",
|
||||
"meta-category": "misc",
|
||||
"uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1",
|
||||
"name": "blog"
|
||||
}
|
|
@ -0,0 +1,100 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"document-name",
|
||||
"attachment",
|
||||
"document-text"
|
||||
],
|
||||
"attributes": {
|
||||
"purpose-of-document": {
|
||||
"description": "What the document is used for.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Identification",
|
||||
"Travel",
|
||||
"Health",
|
||||
"Legal",
|
||||
"Financial",
|
||||
"Government",
|
||||
"Military",
|
||||
"Media",
|
||||
"Communication",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"document-type": {
|
||||
"description": "The type of document (not the file type).",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"email",
|
||||
"letterhead",
|
||||
"speech",
|
||||
"literature",
|
||||
"photo",
|
||||
"audio",
|
||||
"invoice",
|
||||
"receipt",
|
||||
"other"
|
||||
]
|
||||
},
|
||||
"attachment": {
|
||||
"description": "The forged document file.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "attachment"
|
||||
},
|
||||
"document-name": {
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0,
|
||||
"description": "Title of the document."
|
||||
},
|
||||
"document-text": {
|
||||
"description": "Raw text of document",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the document (potentially malicious)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url"
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link into the document (Supposed harmless)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link"
|
||||
},
|
||||
"objective": {
|
||||
"description": "Objective of the forged document.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Disinformation",
|
||||
"Advertising",
|
||||
"Parody",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"last-seen": {
|
||||
"description": "When the document has been accessible or seen for the last time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"first-seen": {
|
||||
"description": "When the document has been accessible or seen for the first time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
}
|
||||
},
|
||||
"version": 5,
|
||||
"description": "Object describing a forged document.",
|
||||
"meta-category": "file",
|
||||
"uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
|
||||
"name": "forged-document"
|
||||
}
|
|
@ -0,0 +1,106 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"document-name",
|
||||
"attachment",
|
||||
"document-text"
|
||||
],
|
||||
"attributes": {
|
||||
"origin": {
|
||||
"description": "Original source of leaked document.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"purpose-of-document": {
|
||||
"description": "What the document is used for.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Identification",
|
||||
"Travel",
|
||||
"Health",
|
||||
"Legal",
|
||||
"Financial",
|
||||
"Government",
|
||||
"Military",
|
||||
"Media",
|
||||
"Communication",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"document-type": {
|
||||
"description": "The type of document (not the file type).",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"email",
|
||||
"letterhead",
|
||||
"speech",
|
||||
"literature",
|
||||
"photo",
|
||||
"audio",
|
||||
"invoice",
|
||||
"receipt",
|
||||
"other"
|
||||
]
|
||||
},
|
||||
"attachment": {
|
||||
"description": "The leaked document file.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "attachment"
|
||||
},
|
||||
"document-name": {
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0,
|
||||
"description": "Title of the document."
|
||||
},
|
||||
"document-text": {
|
||||
"description": "Raw text of document",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the document (potentially malicious)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url"
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link into the document (Supposed harmless)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link"
|
||||
},
|
||||
"objective": {
|
||||
"description": "Reason for leaking the document.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Disinformation",
|
||||
"Influence",
|
||||
"Whistleblowing",
|
||||
"Extortion",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"last-seen": {
|
||||
"description": "When the document has been accessible or seen for the last time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"first-seen": {
|
||||
"description": "When the document has been accessible or seen for the first time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
}
|
||||
},
|
||||
"version": 5,
|
||||
"description": "Object describing a leaked document.",
|
||||
"meta-category": "file",
|
||||
"uuid": "ea145ecd-b3c2-4f57-ac11-c16e883c4247",
|
||||
"name": "leaked-document"
|
||||
}
|
|
@ -0,0 +1,100 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"attachment",
|
||||
"document-text"
|
||||
],
|
||||
"attributes": {
|
||||
"username": {
|
||||
"description": "Username who posted the meme.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"5Ds-of-propaganda": {
|
||||
"description": "5 D's of propaganda are tactics of rebuttal used to defend against criticism and adversarial narratives.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"values_list": [
|
||||
"dismiss",
|
||||
"distort",
|
||||
"distract",
|
||||
"dismay",
|
||||
"divide"
|
||||
]
|
||||
},
|
||||
"attachment": {
|
||||
"description": "The image file.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "attachment"
|
||||
},
|
||||
"document-text": {
|
||||
"description": "Raw text of meme",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"meme-reference": {
|
||||
"description": "A link to know-your-meme or similar reference material.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link"
|
||||
},
|
||||
"a/b-test": {
|
||||
"description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "boolean"
|
||||
},
|
||||
"crosspost": {
|
||||
"description": "Safe site where the meme has been posted.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "link",
|
||||
"multiple": true
|
||||
},
|
||||
"crosspost-unsafe": {
|
||||
"description": "Unsafe site where the meme has been posted.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "url",
|
||||
"multiple": true
|
||||
},
|
||||
"url": {
|
||||
"description": "Original URL location of the meme (potentially malicious)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url"
|
||||
},
|
||||
"link": {
|
||||
"description": "Original link into the meme (Supposed harmless)",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link"
|
||||
},
|
||||
"objective": {
|
||||
"description": "Objective of the meme.",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Disinformation",
|
||||
"Advertising",
|
||||
"Parody",
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"last-seen": {
|
||||
"description": "When the meme has been accessible or seen for the last time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"first-seen": {
|
||||
"description": "When the meme has been accessible or seen for the first time.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
}
|
||||
},
|
||||
"version": 5,
|
||||
"description": "Object describing a meme (image).",
|
||||
"meta-category": "file",
|
||||
"uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
|
||||
"name": "forged-document"
|
||||
}
|
Loading…
Reference in New Issue