Merge pull request #354 from 3c7/object/vt_submitter

Added Object virustotal-submission
pull/358/head
Alexandre Dulaunoy 2022-04-26 23:22:46 +02:00 committed by GitHub
commit cd3f54747a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 95 additions and 1 deletions


@ -372,6 +372,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/victim](https://github.com/MISP/misp-objects/blob/main/objects/victim/definition.json) - Victim object describes the target of an attack or abuse.
- [objects/virustotal-graph](https://github.com/MISP/misp-objects/blob/main/objects/virustotal-graph/definition.json) - VirusTotal graph.
- [objects/virustotal-report](https://github.com/MISP/misp-objects/blob/main/objects/virustotal-report/definition.json) - VirusTotal report.
- [objects/virustotal-submission](https://github.com/MISP/misp-objects/blob/main/objects/virustotal-submission/definition.json) - VirusTotal Submission.
- [objects/vulnerability](https://github.com/MISP/misp-objects/blob/main/objects/vulnerability/definition.json) - Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.
- [objects/weakness](https://github.com/MISP/misp-objects/blob/main/objects/weakness/definition.json) - Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.
- [objects/whois](https://github.com/MISP/misp-objects/blob/main/objects/whois/definition.json) - Whois records information for a domain name or an IP address.


@ -0,0 +1,77 @@
{
"attributes": {
"city": {
"categories": [
"Other"
],
"description": "The city a file was uploaded from.",
"disable_correlation": true,
"misp-attribute": "text",
"to_ids": false,
"ui-priority": 0
},
"country": {
"categories": [
"Other"
],
"description": "The country a file was uploaded from.",
"disable_correlation": true,
"misp-attribute": "text",
"to_ids": false,
"ui-priority": 1
},
"date": {
"categories": [
"Other"
],
"description": "The upload date.",
"disable_correlation": true,
"misp-attribute": "datetime",
"to_ids": false,
"ui-priority": 0
},
"filename": {
"categories": [
"Payload delivery"
],
"description": "The filename used to submit a file.",
"disable_correlation": false,
"misp-attribute": "filename",
"to_ids": false,
"ui-priority": 0
},
"interface": {
"categories": [
"Other"
],
"description": "The interface used to upload a file.",
"disable_correlation": true,
"misp-attribute": "text",
"to_ids": false,
"ui-priority": 0,
"values_list": [
"web",
"api",
"email"
]
},
"submitter-id": {
"categories": [
"Other"
],
"description": "Submitter ID, given as source_key via the VT API.",
"disable_correlation": false,
"misp-attribute": "text",
"to_ids": false,
"ui-priority": 1
}
},
"description": "VirusTotal Submission",
"meta-category": "misc",
"name": "virustotal-submission",
"required": [
"submitter-id"
],
"uuid": "473d289b-f1d4-4f02-a4fe-3b69f534ed45",
"version": 1
}
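Review bot: The `interface` attribute fixes its values with `values_list` (`web`, `api`, `email`), which MISP templates treat as a closed set as far as I know, so a submission that VirusTotal reports under any other interface label could not be recorded as-is. If the three values are meant as suggestions rather than an exhaustive enumeration, the looser key is `"sane_default": ["web", "api", "email"]`. Separately, `city`, `country` and `submitter-id` describe whoever uploaded the file, which may well be a victim or an analyst rather than the actor, and the object-level description `"VirusTotal Submission"` says nothing about that. I would expand it to something like `"Metadata about one file submission to VirusTotal (submitter ID, origin, upload interface); the submitter is not necessarily the threat actor."` so that consumers correlating on `submitter-id` read it correctly.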


@ -1336,7 +1336,23 @@
"misp"
],
"name": "has-met"
},
{
"description": "The referenced source object submitted the referenced target object (to an online anti virus scanner).",
"format": [
"misp"
],
"name": "submitted",
"opposite": "submitted-by"
},
{
"description": "The referenced source object was submitted (to an online anti virus scanner) by the referenced target object.",
"format": [
"misp"
],
"name": "submitted-by",
"opposite": "submitted"
}
],
"version": 33
"version": 34
}