Merge branch 'master' into haxpak/#24

README.md

@@ -82,6 +82,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 * [objects/cowrie](objects/cowrie/definition.json) - A cowrie object describes cowrie honeypot sessions.
 * [objects/credential](objects/credential/definition.json) - A credential object describes one or more credential(s) including password(s), api key(s) or decryption key(s).
 * [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
+* [objects/device](objects/device/definition.json) - An object to describe a device such as a computer, laptop or alike.
 * [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
 * [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
 * [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).
@@ -112,6 +113,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 * [objects/network-connection](objects/network-connection/definition.json) - Network object describes a local or remote network connection.
 * [objects/network-socket](objects/network-socket/definition.json) - Object to describe a local or remote network connections based on the socket data structure.
 * [objects/original-imported-file](objects/original-imported-file/definition.json) - Object to describe the original files used to import data in MISP.
+* [objects/organization](objects/organization/definition.json) - An object which describes an organization.
 * [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in [draft-dulaunoy-dnsop-passive-dns-cof-01](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01).
 * [objects/paste](objects/paste/definition.json) - Object describing a paste or similar post from a website allowing to share privately or publicly posts.
 * [objects/pe](objects/pe/definition.json) - Portable Executable (PE) object.

objects/organization/definition.json

@@ -69,7 +69,7 @@
   },
   "version": 1,
   "description": "An object which describes an organization.",
-  "meta-category": "organization",
+  "meta-category": "misc",
   "uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a",
-  "name": "organization"
+  "name": "misc"
 }

objects/phishing-kit/definition.json

@@ -0,0 +1,96 @@
+{
+  "name": "phishing-kit",
+  "uuid": "f452c16b-12fa-4f87-84a2-15a9e8ca6e7c",
+  "meta-category": "network",
+  "description": "Oject to describe a phishing-kit.",
+  "version": 2,
+  "attributes": {
+    "internal reference": {
+      "categories": [
+        "Internal reference"
+      ],
+      "misp-attribute": "text",
+      "ui-priority": 1,
+      "description": "Internal reference such as ticket ID"
+    },
+    "date-found": {
+      "multiple": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0,
+      "description": "Date when the phishing kit was found",
+      "to_ids": false,
+      "disable_correlation": true
+    },
+    "reference-link": {
+      "to_ids": false,
+      "multiple": true,
+      "ui-priority": 1,
+      "misp-attribute": "link",
+      "description": "Link where the Phishing Kit was observed"
+    },
+    "threat-actor-email": {
+      "description": "Email of the Threat Actor",
+      "multiple": true,
+      "ui-priority": 0,
+      "misp-attribute": "email-src"
+    },
+    "email-type": {
+      "description": "Type of the Email",
+      "multiple": false,
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "disable_correlation": true
+    },
+    "kit-mailer": {
+      "description": "Mailer Kit Used",
+      "multiple": true,
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "disable_correlation": true
+    },
+    "target": {
+      "description": "What was targeted using this phishing kit",
+      "multiple": true,
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "phishing-domain": {
+      "description": "Domain used for Phishing",
+      "multiple": true,
+      "ui-priority": 1,
+      "misp-attribute": "url"
+    },
+    "online": {
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "values_list": [
+        "Yes",
+        "No"
+      ],
+      "ui-priority": 0,
+      "description": "If the phishing kit is online and operational, by default is yes"
+    },
+    "kit-url": {
+      "misp-attribute": "url",
+      "ui-priority": 1,
+      "description": "URL of Phishing Kit"
+    },
+    "threat-actor": {
+      "description": "Identified threat actor",
+      "ui-priority": 0,
+      "multiple": true,
+      "misp-attribute": "text"
+    },
+    "kit-name": {
+      "description": "Name of the Phishing Kit",
+      "ui-priority": 10,
+      "misp-attribute": "text"
+    }
+  },
+  "requiredOneOf": [
+    "kit-url",
+    "reference-link",
+    "kit-name",
+    "kit-hash"
+  ]
+}

relationships/definition.json

@@ -939,7 +939,8 @@
       "name": "creates",
       "description": "Represents an object that creates something.",
       "format": [
-        "misp"
+        "misp",
+        "haxpak"
       ]
     }
   ],

schema_objects.json

@@ -68,8 +68,7 @@
         "financial",
         "misc",
         "internal",
-        "vulnerability",
+        "vulnerability"
-        "organization"
       ]
     },
     "name": {