From cf5687b50d685fc6d7cef084692df0d2728451f3 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Fri, 29 May 2020 21:10:02 -0400
Subject: [PATCH] new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.
---
objects/image/definition.json | 50 ++++++++++
objects/twitter-account/definition.json | 111 +++++++++++++++++++++
objects/twitter-list/definition.json | 88 +++++++++++++++++
objects/twitter-post/definition.json | 120 +++++++++++++++++++++++
objects/youtube-channel/definition.json | 77 +++++++++++++++
objects/youtube-comment/definition.json | 88 +++++++++++++++++
objects/youtube-playlist/definition.json | 59 +++++++++++
objects/youtube-video/definition.json | 88 +++++++++++++++++
8 files changed, 681 insertions(+)
create mode 100644 objects/image/definition.json
create mode 100644 objects/twitter-account/definition.json
create mode 100644 objects/twitter-list/definition.json
create mode 100644 objects/twitter-post/definition.json
create mode 100644 objects/youtube-channel/definition.json
create mode 100644 objects/youtube-comment/definition.json
create mode 100644 objects/youtube-playlist/definition.json
create mode 100644 objects/youtube-video/definition.json
diff --git a/objects/image/definition.json b/objects/image/definition.json
new file mode 100644
index 0000000..484f127
--- /dev/null
+++ b/objects/image/definition.json
@@ -0,0 +1,50 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the image (Internet Archive, Archive.is, etc).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "The image file.",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
+ },
+ "filename": {
+ "description": "The image filename.",
+ "misp-attribute": "filename",
+ "ui-priority": 1
+ },
+ "image-text": {
+ "description": "Raw text of image",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link into the image (Supposed harmless)",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the image (potentially malicious)",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username": {
+ "description": "Username who posted the image.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "Object describing an image file.",
+ "meta-category": "file",
+ "name": "image",
+ "requiredOneOf": [
+ "attachment",
+ "archive",
+ "link"
+ ],
+ "uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-account/definition.json b/objects/twitter-account/definition.json
new file mode 100644
index 0000000..f17a6b6
--- /dev/null
+++ b/objects/twitter-account/definition.json
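Review bot: In objects/image/definition.json the `requiredOneOf` list omits `url`, so an image known only from its original, potentially malicious location cannot be recorded unless that address is also entered as `link`, which the same definition describes as supposed harmless. twitter-post already accepts `url` in its list; adding it here, `"requiredOneOf": ["attachment", "archive", "link", "url"]`, keeps hostile addresses in the attribute meant for them. The lists in twitter-account, twitter-list and the four YouTube definitions leave `url` out as well. Separately, `archive` here and in twitter-post lacks the `"disable_correlation": true` that the other six definitions set on the same attribute; one choice should apply to all eight.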
@@ -0,0 +1,111 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the user.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "displayed-name": {
+ "description": "Displayed name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the user description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the user description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "followers": {
+ "description": "number of followers.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "friends": {
+ "description": "Number of friends.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the user description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Numeric account id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the user (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "listed": {
+ "description": "Number of lists the user is on.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "location": {
+ "description": "User description of location.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "name": {
+ "description": "User's screen name (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the user (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "verified": {
+ "description": "User verified.",
+ "misp-attribute": "text",
+ "sane_default": [
+ "True",
+ "False"
+ ],
+ "ui-priority": 1
+ }
+ },
+ "description": "Twitter account.",
+ "meta-category": "misc",
+ "name": "twitter-account",
+ "requiredOneOf": [
+ "name",
+ "id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-list/definition.json b/objects/twitter-list/definition.json
new file mode 100644
index 0000000..f264302
--- /dev/null
+++ b/objects/twitter-list/definition.json
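Review bot: In objects/twitter-account/definition.json, `followers`, `friends` and `listed` are counts and `verified` is a yes/no flag, yet all four are typed `"misp-attribute": "text"`; `verified` relies on `sane_default` strings "True"/"False", which, as I understand the template format, suggest values rather than restrict them. MISP provides `counter` and `boolean` attribute types for this; if the targeted MISP version has them, `"misp-attribute": "counter"` and `"misp-attribute": "boolean"` would let consumers filter and compare without parsing free text. `requiredOneOf` also accepts `description` alone, a free-text bio with correlation disabled, so an account object can be created with no identifier to pivot on; consider dropping it from that list.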
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the list.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "displayed-name": {
+ "description": "Displayed name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "to_ids": false,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Numeric list id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the list (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "name": {
+ "description": "List's screen name (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the list (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-id": {
+ "description": "Id of the account that manages this list.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "user-name": {
+ "description": "Name of the account that manages this list (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "Twitter list.",
+ "meta-category": "misc",
+ "name": "twitter-list",
+ "requiredOneOf": [
+ "name",
+ "id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "7ae81d5c-d9d8-4812-88a7-5f14fba241da",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-post/definition.json b/objects/twitter-post/definition.json
new file mode 100644
index 0000000..627bdcd
--- /dev/null
+++ b/objects/twitter-post/definition.json
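Review bot: Several descriptions in objects/twitter-list/definition.json appear to be carried over from the account template and no longer match the object: `archive` reads "Archive of the account", `attachment` reads "A screen capture or exported list of contacts etc.", and `name` reads "List's screen name (without the @)" although the `@` convention belongs to account handles. Suggested wording: `"Archive of the list (Internet Archive, Archive.is, etc)."`, `"A screen capture or export of the list."` and `"Name of the list."`. The same `attachment` text is repeated in youtube-channel and youtube-playlist. `embedded-safe-link` carries `"to_ids": false` only in this file while the same attribute in the other definitions omits it, so either drop it here or set it everywhere so readers do not infer a difference in detection behaviour.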
@@ -0,0 +1,120 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original tweet (Internet Archive, Archive.is, etc).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "The tweet file or screen capture.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link in the tweet",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Safe link in the tweet",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the tweet",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-display-name": {
+ "description": "The user display name of the tweet this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-status-id": {
+ "description": "The twitter ID of the tweet that this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-user-id": {
+ "description": "The user ID of the tweet this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "language": {
+ "description": "The language of the post.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the post (supposed harmless).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "post": {
+ "description": "Raw text of the post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "post-id": {
+ "description": "Numeric id of the tweet.",
+ "misp-attribute": "post-id",
+ "ui-priority": 0
+ },
+ "removal-date": {
+ "description": "When the tweet was removed.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "source": {
+ "description": "Source of tweet (android, web etc).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL of the tweet, e.g. link shortener (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "user-id": {
+ "description": "Id of the account that posted this tweet.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "user-name": {
+ "description": "Name of the account that posted this tweet.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "username-quoted": {
+ "description": "Username who is quoted in the tweet.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "Twitter post (tweet).",
+ "meta-category": "misc",
+ "name": "twitter-post",
+ "requiredOneOf": [
+ "post",
+ "post-id",
+ "archive",
+ "url",
+ "link",
+ "attachment"
+ ],
+ "uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/youtube-channel/definition.json b/objects/youtube-channel/definition.json
new file mode 100644
index 0000000..be07d9f
--- /dev/null
+++ b/objects/youtube-channel/definition.json
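Review bot: In objects/twitter-post/definition.json, `post-id` declares `"misp-attribute": "post-id"`, which does not look like a MISP attribute type; every other id field in this commit (`id`, `user-id`, `channel-id`, `playlist-id`) uses `text`. If the instance does not know the type, template validation or attribute creation for this object is likely to fail, so `"misp-attribute": "text"` is the safer value. The three `in-reply-to-*` descriptions also say the tweet "this post shares", which describes a retweet rather than a reply; `"The twitter ID of the tweet that this post replies to."` and matching wording for the other two would remove the ambiguity.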
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "about": {
+ "description": "About page of the channel.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "archive": {
+ "description": "Archive of the channel (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-avatar": {
+ "description": "A screen capture or exported channel avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-banner": {
+ "description": "A screen capture or exported channel header.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-id": {
+ "description": "Channel id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "Channel name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the channel.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "featured-channel": {
+ "description": "Featured channel names.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the channel page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube channel.",
+ "meta-category": "misc",
+ "name": "youtube-channel",
+ "requiredOneOf": [
+ "channel-name",
+ "channel-id",
+ "archive",
+ "link"
+ ],
+ "uuid": "cb9f492b-9930-4388-98e1-5d0cdcfa51df",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/youtube-comment/definition.json b/objects/youtube-comment/definition.json
new file mode 100644
index 0000000..5e2ffb6
--- /dev/null
+++ b/objects/youtube-comment/definition.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported comment.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "The name of the channel where it was posted.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "comment": {
+ "description": "The raw text of the YouTube video comment.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the comment.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the comment (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used in the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the comment (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-account": {
+ "description": "The user account that commented on the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "video-title": {
+ "description": "The title of the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube video comment.",
+ "meta-category": "misc",
+ "name": "youtube-comment",
+ "requiredOneOf": [
+ "comment",
+ "archive",
+ "link"
+ ],
+ "uuid": "218bc1ae-c5ee-452b-895d-a26e0beaa550",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/youtube-playlist/definition.json b/objects/youtube-playlist/definition.json
new file mode 100644
index 0000000..e4afaa1
--- /dev/null
+++ b/objects/youtube-playlist/definition.json
@@ -0,0 +1,59 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the playlist (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the playlist.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the playlist page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "playlist-id": {
+ "description": "Playlist id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "playlist-name": {
+ "description": "Playlist name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "video-link": {
+ "description": "Link to the video in playlist (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube playlist.",
+ "meta-category": "misc",
+ "name": "youtube-playlist",
+ "requiredOneOf": [
+ "playlist-name",
+ "playlist-id",
+ "archive",
+ "link"
+ ],
+ "uuid": "5a5e7441-c048-4e4b-bab7-642a91d30935",
+ "version": 1
+}
\ No newline at end of file
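Review bot: objects/youtube-comment/definition.json has no stable identifier for either the comment or the video it belongs to: the only video reference is `video-title`, which is neither unique nor fixed, and objects/youtube-video/definition.json likewise has no id attribute even though the channel and playlist definitions carry `channel-id` and `playlist-id`. Without one, two reports of the same video or comment only correlate if their free-text titles happen to match. An id attribute in both files, placed before `video-title` to keep the alphabetical order, would close that gap; a sketch follows. `channel-name` is also marked `"multiple": true` although its description refers to a single channel.

```json
"video-id": {
  "description": "Video id.",
  "misp-attribute": "text",
  "ui-priority": 1
},
```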
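Review bot: In objects/youtube-playlist/definition.json, `video-link` has no `"multiple": true`, so, as I read the template format, only one video link can be attached per playlist object although a playlist normally holds several. Adding `"multiple": true,` after its `misp-attribute` line would match how the other list-valued attributes in this commit (`hashtag`, `embedded-link`, `featured-channel`) are declared.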
diff --git a/objects/youtube-video/definition.json b/objects/youtube-video/definition.json
new file mode 100644
index 0000000..c61e064
--- /dev/null
+++ b/objects/youtube-video/definition.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original YouTube video (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported YouTube video.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "The name of the channel where it was posted.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the YouTube video.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the YouTube video description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the YouTube video description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the YouTube video.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the YouTube video (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the YouTube video (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the YouTube video or description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "video-title": {
+ "description": "The title of the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "video-transcript": {
+ "description": "The YouTube video transcript (closed captions).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube video.",
+ "meta-category": "misc",
+ "name": "youtube-video",
+ "requiredOneOf": [
+ "video-title",
+ "archive",
+ "link"
+ ],
+ "uuid": "2bd68462-a509-4320-b5c6-760a57fd1a80",
+ "version": 1
+}
\ No newline at end of file