chg: new script template object

Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts. Fix #101
2018-06-09 11:36:58 +02:00 · 2018-06-09 11:36:58 +02:00 · b6f12a9f46
parent 1ca25a39ad
commit b6f12a9f46
2 changed files with 63 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -111,6 +111,7 @@ for a specific attribute.
 * [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
 * [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report object.
 * [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature object.
+* [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
 * [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target.
 * [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
 * [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
--- a/objects/script/definition.json
+++ b/objects/script/definition.json
@ -0,0 +1,62 @@
+{
+  "required": [
+    "script"
+  ],
+  "attributes": {
+    "script": {
+      "description": "Free text of the script.",
+      "ui-priority": 10,
+      "misp-attribute": "text"
+    },
+    "comment": {
+      "description": "Comment associated to the script.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "language": {
+      "description": "Scripting language used for the script.",
+      "ui-priority": 9,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "sane_default": [
+        "PowerShell",
+        "VBScript",
+        "Bash",
+        "Lua",
+        "JavaScript",
+        "AppleScript",
+        "AWK",
+        "Python",
+        "Perl",
+        "Ruby",
+        "Winbatch",
+        "AutoIt"
+      ]
+    },
+    "filename": {
+      "description": "Filename used for the script.",
+      "ui-priority": 8,
+      "misp-attribute": "filename",
+      "multiple": true,
+      "disable_correlation": true
+    },
+    "state": {
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "description": "Known state of the script.",
+      "multiple": true,
+      "disable_correlation": true,
+      "values_list": [
+        "Malicious",
+        "Unknown",
+        "Harmless",
+        "Trusted"
+      ]
+    }
+  },
+  "version": 1,
+  "description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
+  "meta-category": "misc",
+  "uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
+  "name": "script"
+}