Merge branch 'main' of github.com:MISP/misp-objects

pull/387/head
Christian Studer 2023-02-27 10:24:10 +01:00
commit e95ca3fbd9
4 changed files with 156 additions and 2 deletions


@ -106,6 +106,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/ADS](https://github.com/MISP/misp-objects/blob/main/objects/ADS/definition.json) - An object defining ADS - Alerting and Detection Strategy by PALANTIR. Can be used for detection engineering.
- [objects/ail-leak](https://github.com/MISP/misp-objects/blob/main/objects/ail-leak/definition.json) - An information leak as defined by the AIL Analysis Information Leak framework.
- [objects/ais](https://github.com/MISP/misp-objects/blob/main/objects/ais/definition.json) - Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships.
- [objects/ais-info](https://github.com/MISP/misp-objects/blob/main/objects/ais-info/definition.json) - Automated Indicator Sharing (AIS) Information Source Markings.
- [objects/android-app](https://github.com/MISP/misp-objects/blob/main/objects/android-app/definition.json) - Indicators related to an Android app.
- [objects/android-permission](https://github.com/MISP/misp-objects/blob/main/objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).
@ -125,7 +126,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/blog](https://github.com/MISP/misp-objects/blob/main/objects/blog/definition.json) - Blog post like Medium or WordPress.
- [objects/boleto](https://github.com/MISP/misp-objects/blob/main/objects/boleto/definition.json) - A common form of payment used in Brazil.
- [objects/btc-transaction](https://github.com/MISP/misp-objects/blob/main/objects/btc-transaction/definition.json) - An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with bitcoin-transaction.
- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with btc-transaction object.
- [objects/cap-alert](https://github.com/MISP/misp-objects/blob/main/objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
- [objects/cap-info](https://github.com/MISP/misp-objects/blob/main/objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
- [objects/cap-resource](https://github.com/MISP/misp-objects/blob/main/objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
@ -185,7 +186,6 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/ftm-Call](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Call/definition.json) - Phone call object template including the call and all associated meta-data.
- [objects/ftm-Company](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Company/definition.json) - A legal entity representing an association of people, whether natural, legal or a mixture of both, with a specific objective.
- [objects/ftm-Contract](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Contract/definition.json) - An contract or contract lot issued by an authority. Multiple lots may be awarded to different suppliers (see ContractAward).
.
- [objects/ftm-ContractAward](https://github.com/MISP/misp-objects/blob/main/objects/ftm-ContractAward/definition.json) - A contract or contract lot as awarded to a supplier.
- [objects/ftm-CourtCase](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCase/definition.json) - Court case.
- [objects/ftm-CourtCaseParty](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCaseParty/definition.json) - Court Case Party.
@ -307,6 +307,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/query](https://github.com/MISP/misp-objects/blob/main/objects/query/definition.json) - An object describing a query, along with its format.
- [objects/r2graphity](https://github.com/MISP/misp-objects/blob/main/objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
- [objects/ransom-negotiation](https://github.com/MISP/misp-objects/blob/main/objects/ransom-negotiation/definition.json) - An object to describe ransom negotiations, as seen in ransomware incidents.
- [objects/ransomware-group-post](https://github.com/MISP/misp-objects/blob/main/objects/ransomware-group-post/definition.json) - Ransomware group post as monitored by ransomlook.io.
- [objects/reddit-account](https://github.com/MISP/misp-objects/blob/main/objects/reddit-account/definition.json) - Reddit account.
- [objects/reddit-comment](https://github.com/MISP/misp-objects/blob/main/objects/reddit-comment/definition.json) - A Reddit post comment.
- [objects/reddit-post](https://github.com/MISP/misp-objects/blob/main/objects/reddit-post/definition.json) - A Reddit post.
@ -376,6 +377,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/tracking-id](https://github.com/MISP/misp-objects/blob/main/objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
- [objects/transaction](https://github.com/MISP/misp-objects/blob/main/objects/transaction/definition.json) - An object to describe a financial transaction.
- [objects/translation](https://github.com/MISP/misp-objects/blob/main/objects/translation/definition.json) - Used to keep a text and its translation.
- [objects/transport-ticket](https://github.com/MISP/misp-objects/blob/main/objects/transport-ticket/definition.json) - A transport ticket.
- [objects/trustar_report](https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json) - TruStar Report.
- [objects/tsk-chats](https://github.com/MISP/misp-objects/blob/main/objects/tsk-chats/definition.json) - An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.
- [objects/tsk-web-bookmark](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-bookmark/definition.json) - An Object Template to add evidential bookmarks identified during a digital forensic investigation.

135
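--- a/objects/ais/definition.json
+++ b/objects/ais/definition.json
@@ -0,0 +1,135 @@
+{
+"attributes": {
+"ETA": {
+"description": "Estimated time of arrival at destination",
+"disable_correlation": true,
+"misp-attribute": "datetime",
+"ui-priority": 0
+},
+"IMO-number": {
+"description": "IMO ship identification number: a seven digit number that remains unchanged upon transfer of the ship's registration to another country",
+"misp-attribute": "text",
+"ui-priority": 90
+},
+"MMSI": {
+"description": "Vessel Maritime Maritime Mobile Service Identity (MMSI): a unique nine digit identification number.",
+"misp-attribute": "text",
+"ui-priority": 99
+},
+"call-sign": {
+"description": "International radio call-sign, up to 7 characters.",
+"misp-attribute": "text",
+"ui-priority": 97
+},
+"course-over-ground": {
+"description": "The course of the vessel, relative to true north to 0.1 degree",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 78
+},
+"destination": {
+"description": "Destination of the vessel in max 20 characters",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 0
+},
+"dimension-a": {
+"description": "Distance in meters from Forward Perpendicular (FP)",
+"misp-attribute": "float",
+"ui-priority": 24
+},
+"dimension-b": {
+"description": "Distance in meters from After Perpendicular (AP)",
+"misp-attribute": "float",
+"ui-priority": 23
+},
+"dimension-c": {
+"description": "Distance in meters inboard from port side",
+"misp-attribute": "float",
+"ui-priority": 22
+},
+"dimension-d": {
+"description": "Distance in meters inboard from starboard side",
+"misp-attribute": "float",
+"ui-priority": 21
+},
+"draught": {
+"description": "Draught of ship. 0.1-25.5 meters",
+"misp-attribute": "float",
+"ui-priority": 20
+},
+"first-seen": {
+"description": "When the location was seen for the first time.",
+"disable_correlation": true,
+"misp-attribute": "datetime",
+"ui-priority": 87
+},
+"last-seen": {
+"description": "When the location was seen for the last time.",
+"disable_correlation": true,
+"misp-attribute": "datetime",
+"ui-priority": 86
+},
+"latitude": {
+"description": "The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 89
+},
+"longitude": {
+"description": "The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 88
+},
+"name": {
+"description": "20 characters to represent the name of the vessel",
+"misp-attribute": "text",
+"ui-priority": 98
+},
+"navigational-status": {
+"description": "1. at anchor, 2. under command, 3. Restricted Manoeuvrability, etc.",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 80
+},
+"rate-of-turn": {
+"description": "right or left, from 0 to 720 degrees per minute",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 75
+},
+"speed-over-ground": {
+"description": "0.1 knot resolution from 0 to 102 knots",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 79
+},
+"true-heading": {
+"description": "The true heading of the vessel. 0 to 359 degrees",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 77
+},
+"true-heading-at-own-position": {
+"description": "The true heading at own position of the vessel. 0 to 359 degrees",
+"disable_correlation": true,
+"misp-attribute": "float",
+"ui-priority": 76
+},
+"type-of-ship": {
+"description": "Type of ship/cargo",
+"disable_correlation": true,
+"misp-attribute": "text",
+"ui-priority": 91
+}
+},
+"description": "Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships.",
+"meta-category": "marine",
+"name": "AIS",
+"requiredOneOf": [
+"mmsi"
+],
+"uuid": "ef90551a-ff34-472c-9fba-c272c4435baa",
+"version": 1
+}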
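Review bot: `requiredOneOf` names `"mmsi"`, but the attribute is declared under the key `"MMSI"`, so the requirement points at an object relation this template does not define. If relation names are compared case-sensitively (likely, but worth confirming against the schema validator and the client libraries), the requirement can either never be satisfied or is silently not enforced; I would change the entry to `"MMSI"`. Separately, `navigational-status` is described as an enumerated status yet typed `float`, `rate-of-turn` is described numerically yet typed `text`, and the MMSI description repeats the word "Maritime".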


@ -1,5 +1,10 @@
{
"attributes": {
"access-time": {
"description": "The last time the file was accessed",
"misp-attribute": "datetime",
"ui-priority": 0
},
"attachment": {
"description": "A non-malicious file.",
"misp-attribute": "attachment",
@ -21,6 +26,11 @@
"misp-attribute": "datetime",
"ui-priority": 0
},
"creation-time": {
"description": "Creation time of the file",
"misp-attribute": "datetime",
"ui-priority": 0
},
"entropy": {
"description": "Entropy of the whole file",
"disable_correlation": true,
@ -334,6 +344,11 @@
"misp-attribute": "mime-type",
"ui-priority": 0
},
"modification-time": {
"description": "Last time the file was modified",
"misp-attribute": "datetime",
"ui-priority": 0
},
"path": {
"description": "Path of the filename complete or partial",
"disable_correlation": true,
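Review bot: The three added attributes (`access-time`, `creation-time`, `modification-time`) come without a change to this template's `version` field: going by the hunk headers, the commit's only two deletions are in the README list, so no existing line of this file was replaced. The `version` line itself is outside the visible hunks, and the bump may live in another commit of the merged branch, but if it does not, instances that already hold this template may not pick up the new fields on update. The new `datetime` attributes also omit `"disable_correlation": true`, which the AIS template added in this same commit sets on its timestamps; file MAC times are weak pivots and can produce noisy correlations, so consider adding that line to each of the three blocks.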


@ -43,6 +43,7 @@
"anonymised",
"attachment",
"authentihash",
"azure-application-id",
"bank-account-nr",
"bic",
"bin",
@ -280,6 +281,7 @@
"file",
"network",
"financial",
"marine",
"misc",
"mobile",
"internal",