MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

bumped version number, fixed stray typo

pull/355/head
matthijsvp 2022-05-06 13:38:11 +02:00
parent 7480c51533
commit dcf34a680f
1 changed files with 78 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
objects/ransom-negotiation/definition.json
View File

@ -1,40 +1,10 @@
{ {
"attributes": { "attributes": {
"wallet-address": { "Remarks": {
"description": "A cryptocoin wallet address", "description": "Remarks",
"disable_correlation": false,
"misp-attribute": "btc",
"ui-priority": 930
},
"time": {
"description": "Date and time of transaction",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 940
},
"initial_ransom": {
"description": "Initial ransom demand in the currency as displayed in field 'currency'",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 900
},
"final_ransom":{
"description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 980
},
"currency":{
"description": "The currency of the initial demand. Often USD or BTC.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 960 "ui-priority": 860
},
"value_EUR": {
"description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 950
}, },
"annual_revenue_EUR": { "annual_revenue_EUR": {
"description": "Annual revenue of the targeted organisation in EUR", "description": "Annual revenue of the targeted organisation in EUR",
@ -42,11 +12,11 @@
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 920 "ui-priority": 920
}, },
"data_stolen": { "currency": {
"description": "Was data exfiltrated in this incident?", "description": "The currency of the initial demand. Often USD or BTC.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "text",
"ui-priority": 900 "ui-priority": 960
}, },
"data_leaked": { "data_leaked": {
"description": "Was data leaked in this incident?", "description": "Was data leaked in this incident?",
@ -54,11 +24,17 @@
"misp-attribute": "boolean", "misp-attribute": "boolean",
"ui-priority": 890 "ui-priority": 890
}, },
"url_leaksite": { "data_stolen": {
"description": "URL of the leaksite", "description": "Was data exfiltrated in this incident?",
"disable_correlation": false, "disable_correlation": true,
"misp-attribute": "url", "misp-attribute": "boolean",
"ui-priority": 880 "ui-priority": 900
},
"discount": {
"description": "Discount after negotiations",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 970
}, },
"email_address": { "email_address": {
"description": "Contact address, if any", "description": "Contact address, if any",
@ -66,11 +42,49 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 870 "ui-priority": 870
}, },
"Remarks": { "final_ransom": {
"description": "Remarks", "description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 980
},
"initial_ransom": {
"description": "Initial ransom demand in the currency as displayed in field 'currency'",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 900
},
"negotiations_screenshot": {
"description": "Screenshot of the negotiations",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 840
},
"negotiations_transcript": {
"description": "Transcript of the negotiations",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 860 "ui-priority": 850
},
"pay_for_deletion": {
"description": "Does the target needs/wants to pay for data deletion",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 906
},
"pay_for_encryptor": {
"description": "Does the target needs/wants to pay for the decryptor",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 908
}, },
"percentage_of_revenue": { "percentage_of_revenue": {
"description": "Percentage of the annual revenue that the ransom demand amounts to", "description": "Percentage of the annual revenue that the ransom demand amounts to",
@ -78,43 +92,29 @@
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 910 "ui-priority": 910
}, },
"pay_for_encryptor": { "time": {
"description": "Does the target needs/wants to pay for the decryptor", "description": "Date and time of transaction",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "datetime",
"ui-priority": 908, "ui-priority": 940
"sane_default": [
"True",
"False"
],
}, },
"pay_for_deletion": { "url_leaksite": {
"description": "Does the target needs/wants to pay for data deletion", "description": "URL of the leaksite",
"disable_correlation": true, "disable_correlation": false,
"misp-attribute": "boolean", "misp-attribute": "url",
"ui-priority": 906, "ui-priority": 880
"sane_default": [
"True",
"False"
],
}, },
"negotiations_transcript": { "value_EUR": {
"description": "Transcript of the negotiations", "description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 850
},
"negotiations_screenshot": {
"description": "Screenshot of the negotiations",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 840
},
"discount": {
"description": "Discount after negotiations",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "float", "misp-attribute": "float",
"ui-priority": 970 "ui-priority": 950
},
"wallet-address": {
"description": "A cryptocoin wallet address",
"disable_correlation": false,
"misp-attribute": "btc",
"ui-priority": 930
} }
}, },
"description": "An object to describe ransom negotiations, as seen in ransomware incidents.", "description": "An object to describe ransom negotiations, as seen in ransomware incidents.",
@ -124,5 +124,5 @@
"wallet-address" "wallet-address"
], ],
"uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06", "uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06",
"version": 1.1 "version": 1.2
} }