From ed7a730a79c70eaa982aebee480acbeea8796111 Mon Sep 17 00:00:00 2001 From: VVX7 Date: Fri, 29 May 2020 16:34:00 -0400 Subject: [PATCH] new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit --- objects/reddit-account/definition.json | 79 +++++++++++++++ objects/reddit-comment/definition.json | 85 ++++++++++++++++ objects/reddit-post/definition.json | 89 +++++++++++++++++ objects/reddit-subreddit/definition.json | 121 +++++++++++++++++++++++ 4 files changed, 374 insertions(+) create mode 100644 objects/reddit-account/definition.json create mode 100644 objects/reddit-comment/definition.json create mode 100644 objects/reddit-post/definition.json create mode 100644 objects/reddit-subreddit/definition.json
diff --git a/objects/reddit-account/definition.json b/objects/reddit-account/definition.json
new file mode 100644
index 0000000..337f1b0
--- /dev/null
+++ b/objects/reddit-account/definition.json
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "account-avatar": {
+ "description": "A screen capture or exported account avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "account-id": {
+ "description": "Account id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "account-name": {
+ "description": "Account name (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the user.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the account page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "moderator-of": {
+ "description": "Subreddits of which this account is a moderator (exclude the r/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "trophies": {
+ "description": "Trophies listed in the account Trophy Case.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-avatar": {
+ "description": "A user profile picture or avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ }
+ },
+ "description": "Reddit account.",
+ "meta-category": "misc",
+ "name": "reddit-account",
+ "requiredOneOf": [
+ "account-name",
+ "account-id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "6802f885-2003-494a-b234-61aadce62731",
+ "version": 1
+}
\ No newline at end of file
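Review bot: `account-avatar` and `user-avatar` are both `attachment` attributes for the account's avatar, so analysts have two places to file the same artefact and the template gives no rule for choosing between them. Keep one of them, or reword the descriptions so the difference is explicit (for example, one for a screen capture and the other for the exported image file). Separately, `requiredOneOf` accepts a bare `description`, which allows an object with no account identifier at all; if that is not intended, drop `"description",` from that list.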
diff --git a/objects/reddit-comment/definition.json b/objects/reddit-comment/definition.json
new file mode 100644
index 0000000..c487cb2
--- /dev/null
+++ b/objects/reddit-comment/definition.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported file from the comment.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "comment": {
+ "description": "The raw text of the comment.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the post (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the comment.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the comment (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit where it was posted (exclude the r/).",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the comment (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "A Reddit post comment.",
+ "meta-category": "misc",
+ "name": "reddit-comment",
+ "requiredOneOf": [
+ "creator",
+ "comment",
+ "archive",
+ "link"
+ ],
+ "uuid": "0a7e5fc0-fe6a-43c7-a957-de3269c2eb6c",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/reddit-post/definition.json b/objects/reddit-post/definition.json
new file mode 100644
index 0000000..2ccde61
--- /dev/null
+++ b/objects/reddit-post/definition.json
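Review bot: Three descriptions in reddit-comment were carried over from other templates and describe the wrong thing: `creator` says the account "created the post", and `embedded-link` / `embedded-safe-link` both say "Link embedded in the subreddit description". The reddit-post hunk repeats the same subreddit wording for its own `embedded-link` pair. These strings are what an analyst reads when deciding where to file a potentially malicious URL, so they should name the right container, e.g. `"description": "Link embedded in the comment (potentially malicious).",` and `"description": "The user account that created the comment (do not include u/).",`. `username-quoted` would also read better as "Usernames quoted in the comment".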
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original Reddit post (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported file from the Reddit post.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the post (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the post.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the Reddit post.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the Reddit post (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "post-content": {
+ "description": "The raw text of the Reddit post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "post-title": {
+ "description": "The title of the Reddit post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit where it was posted (exclude the r/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the Reddit post (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the Reddit post (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "A Reddit post.",
+ "meta-category": "misc",
+ "name": "reddit-post",
+ "requiredOneOf": [
+ "post-title",
+ "post-content",
+ "archive",
+ "link"
+ ],
+ "uuid": "e5ed7e7f-2e21-44ff-839f-e58d9818f17f",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/reddit-subreddit/definition.json b/objects/reddit-subreddit/definition.json
new file mode 100644
index 0000000..19ae175
--- /dev/null
+++ b/objects/reddit-subreddit/definition.json
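Review bot: `subreddit-name` is defined three different ways across this patch: here it is `"multiple": true` with correlation on, in reddit-comment it is `"multiple": true` plus `"disable_correlation": true`, and in reddit-subreddit it is single-valued with correlation on. A post or comment is submitted to one subreddit, and this attribute is the natural pivot between post, comment and subreddit objects, so disabling correlation only on the comment side breaks that link. I would make it single-valued and correlating in all three, i.e. drop `"multiple": true,` here and in reddit-comment and drop `"disable_correlation": true,` from the comment definition. If multiple values are meant to cover crossposts, the description should say so.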
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original subreddit (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts, subreddit members, etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "community-icon": {
+ "description": "A screen capture or exported subreddit community icon.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the subreddit (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the subreddit.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "header-image": {
+ "description": "A screen capture or exported subreddit header.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the subreddit (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "moderator": {
+ "description": "A user account who is a moderator of the subreddit (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "privacy": {
+ "description": "Subreddit privacy.",
+ "misp-attribute": "text",
+ "sane_default": [
+ "Public",
+ "Private"
+ ],
+ "ui-priority": 1
+ },
+ "rules": {
+ "description": "Raw text of the rules of the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "submit-text": {
+ "description": "The submission form raw text when posting to the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-alias": {
+ "description": "Aliases or previous names of subreddit.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit (exclude the r/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-type": {
+ "description": "Subreddit type, e.g. general, buy and sell etc.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the subreddit (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ }
+ },
+ "description": "Public or private subreddit.",
+ "meta-category": "misc",
+ "name": "reddit-subreddit",
+ "requiredOneOf": [
+ "subreddit-name",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "5a00464c-5379-4e66-ab21-d356ba426155",
+ "version": 1
+}
\ No newline at end of file
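Review bot: `description` in reddit-subreddit omits `"disable_correlation": true,`, although the same free-text attribute carries it in the account, comment and post templates of this patch. Analyst-written descriptions tend to produce accidental matches rather than useful pivots, so the flag should be added here for consistency. The `privacy` attribute's `sane_default` lists only `"Public"` and `"Private"`; Reddit also has restricted communities as far as I know, so a `"Restricted"` entry is worth considering.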