From bb9ff86b2ff61d3977807b99d57bc271ef17417a Mon Sep 17 00:00:00 2001
From: haxpak
Date: Sun, 14 Apr 2019 10:53:57 +0530
Subject: [PATCH] added MAC address to device meta category of organization changed to organization meta category of person object changed to organization new object phishing-kit
---
 objects/device/definition.json | 10 ++-
 objects/organization/definition.json | 2 +-
 objects/person/definition.json | 2 +-
 objects/phishing-kit/definition.json | 97 ++++++++++++++++++++++++++++
 4 files changed, 107 insertions(+), 4 deletions(-)
 create mode 100644 objects/phishing-kit/definition.json
diff --git a/objects/device/definition.json b/objects/device/definition.json
index 4826bdd..3a04004 100644
--- a/objects/device/definition.json
+++ b/objects/device/definition.json
@@ -40,7 +40,13 @@
 "ip-address": {
 "description": "Device IP address",
 "ui-priority": 0,
- "misp-attribute": "ip-src"
+ "misp-attribute": "ip-src",
+ "multiple" : true
+ },
+ "MAC-address": {
+ "description": "Device MAC address",
+ "ui-priority": 0,
+ "misp-attribute": "text"
 },
 "analysis-date": {
 "description": "Date of device analysis",
@@ -54,7 +60,7 @@
 "multiple": true
 }
 },
- "version": 3,
+ "version": 4,
 "description": "An object to define a device",
 "meta-category": "misc",
 "uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
index 966a8f5..923bdc2 100644
--- a/objects/organization/definition.json
+++ b/objects/organization/definition.json
@@ -69,7 +69,7 @@
 },
 "version": 1,
 "description": "An object which describes an organization.",
- "meta-category": "misc",
+ "meta-category": "organization",
 "uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a",
 "name": "organization"
 }
diff --git a/objects/person/definition.json b/objects/person/definition.json
index 59de239..2359536 100644
--- a/objects/person/definition.json
+++ b/objects/person/definition.json
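Review bot: The new `MAC-address` attribute in the first device hunk is typed `"misp-attribute": "text"`, so its values get no format validation and are handled as free text rather than as a network identifier. MISP has a dedicated `mac-address` attribute type, and `"misp-attribute": "mac-address"` would fit this field. The key is also the only one in the hunk that is not lowercase (`ip-address`, `analysis-date`); `"mac-address": {` would match its neighbours. The enclosing `attributes` object starts and ends outside the hunk.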
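Review bot: `meta-category` changes in the organization hunk while the `"version": 1,` context line stays untouched, and the person hunk does the same with `"version": 9,`. The device definition in this same commit is bumped from 3 to 4 for its change, so these two should likely become `"version": 2,` and `"version": 10,`; otherwise consumers that key template updates on the version may keep the old category. The diffstat lists no schema or validation file, so if `meta-category` is checked against an enumerated list, confirm that `organization` is an accepted value there.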
@@ -190,7 +190,7 @@
 },
 "version": 9,
 "description": "An object which describes a person or an identity.",
- "meta-category": "misc",
+ "meta-category": "organization",
 "uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
 "name": "person"
 }
diff --git a/objects/phishing-kit/definition.json b/objects/phishing-kit/definition.json
new file mode 100644
index 0000000..7ac2e42
--- /dev/null
+++ b/objects/phishing-kit/definition.json
@@ -0,0 +1,97 @@
+
+{
+ "name": "phishing-kit",
+ "uuid": "e08eea9b-5776-4014-9b0e-a821ee890143",
+ "meta-category": "network",
+ "description": "Oject to describe a phishing-kit.",
+ "version": 1,
+ "attributes": {
+ "internal reference": {
+ "categories": [
+ "Internal reference"
+ ],
+ "misp-attribute": "text",
+ "ui-priority": 1,
+ "description": "Internal reference such as ticket ID"
+ },
+ "date-found": {
+ "multiple": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0,
+ "description": "Date when the phishing kit was found",
+ "to_ids" : false,
+ "disable_correlation" : true
+ },
+ "reference-link": {
+ "to_ids": false,
+ "multiple": true,
+ "ui-priority": 1,
+ "misp-attribute": "link",
+ "description": "Link where the Phishing Kit was observed"
+ },
+ "threat-actor-email" : {
+ "description" : "Email of the Threat Actor",
+ "multiple" : true,
+ "ui-priority" : 0,
+ "misp-attribute" : "email-src"
+ },
+ "email-type" : {
+ "description" : "Type of the Email",
+ "multiple" : false,
+ "ui-priority" : 0,
+ "misp-attribute" : "text",
+ "disable_correlation" : true
+ },
+ "kit-mailer" : {
+ "description" : "Mailer Kit Used",
+ "multiple" : true,
+ "ui-priority" : 0,
+ "misp-attribute" : "text",
+ "disable_correlation" : true
+ },
+ "target" :{
+ "description" : "What was targeted using this phishing kit",
+ "multiple" : true,
+ "ui-priority" : 1,
+ "misp-attribute" : "text"
+ },
+ "phishing-domain" : {
+ "description" : "Domain used for Phishing",
+ "multiple" : true,
+ "ui-priority" : 1,
+ "misp-attribute" : "url"
+ },
+ "online": {
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "values_list": [
+ "Yes",
+ "No"
+ ],
+ "ui-priority": 0,
+ "description": "If the phishing kit is online and operational, by default is yes"
+ },
+ "kit-url": {
+ "misp-attribute": "url",
+ "ui-priority": 1,
+ "description": "URL of Phishing Kit"
+ },
+ "threat-actor" : {
+ "description" : "Identified threat actor",
+ "ui-priority" : 0,
+ "multiple" : true,
+ "misp-attribute" : "text"
+ },
+ "kit-name" : {
+ "description" : "Name of the Phishing Kit",
+ "ui-priority" : 10,
+ "misp-attribute" : "text"
+ }
+ },
+ "requiredOneOf": [
+ "kit-url",
+ "reference-link",
+ "kit-name",
+ "kit-hash"
+ ]
+}
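Review bot: `requiredOneOf` lists `"kit-hash"`, but no `kit-hash` attribute is defined under `attributes`, so that alternative can never be satisfied as written; either drop the entry or define the attribute with a hash type. `phishing-domain` is described as a domain yet mapped to `"misp-attribute" : "url"`, which mis-types bare domains; `"misp-attribute" : "domain"` matches the description. `to_ids` is set explicitly only on `date-found` and `reference-link`, so whether `threat-actor-email`, `phishing-domain` and `kit-url` are flagged for detection export is left to defaults and would be better stated per attribute. Smaller points: the key `"internal reference"` contains a space where every other key is hyphenated, and the top-level description reads "Oject".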