diff --git a/objects/device/definition.json b/objects/device/definition.json index 4826bdd..f467fe3 100644 --- a/objects/device/definition.json +++ b/objects/device/definition.json @@ -40,7 +40,13 @@ "ip-address": { "description": "Device IP address", "ui-priority": 0, - "misp-attribute": "ip-src" + "misp-attribute": "ip-src", + "multiple": true + }, + "MAC-address": { + "description": "Device MAC address", + "ui-priority": 0, + "misp-attribute": "text" }, "analysis-date": { "description": "Date of device analysis", @@ -54,7 +60,7 @@ "multiple": true } }, - "version": 3, + "version": 5, "description": "An object to define a device", "meta-category": "misc", "uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52", diff --git a/objects/organization/definition.json b/objects/organization/definition.json index 966a8f5..f575479 100644 --- a/objects/organization/definition.json +++ b/objects/organization/definition.json @@ -71,5 +71,5 @@ "description": "An object which describes an organization.", "meta-category": "misc", "uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a", - "name": "organization" + "name": "misc" } diff --git a/objects/phishing-kit/definition.json b/objects/phishing-kit/definition.json new file mode 100644 index 0000000..6364636 --- /dev/null +++ b/objects/phishing-kit/definition.json @@ -0,0 +1,96 @@ +{ + "name": "phishing-kit", + "uuid": "f452c16b-12fa-4f87-84a2-15a9e8ca6e7c", + "meta-category": "network", + "description": "Oject to describe a phishing-kit.", + "version": 2, + "attributes": { + "internal reference": { + "categories": [ + "Internal reference" + ], + "misp-attribute": "text", + "ui-priority": 1, + "description": "Internal reference such as ticket ID" + }, + "date-found": { + "multiple": true, + "misp-attribute": "datetime", + "ui-priority": 0, + "description": "Date when the phishing kit was found", + "to_ids": false, + "disable_correlation": true + }, + "reference-link": { + "to_ids": false, + "multiple": true, + "ui-priority": 1, + "misp-attribute": "link", + "description": "Link where the Phishing Kit was observed" + }, + "threat-actor-email": { + "description": "Email of the Threat Actor", + "multiple": true, + "ui-priority": 0, + "misp-attribute": "email-src" + }, + "email-type": { + "description": "Type of the Email", + "multiple": false, + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "kit-mailer": { + "description": "Mailer Kit Used", + "multiple": true, + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "target": { + "description": "What was targeted using this phishing kit", + "multiple": true, + "ui-priority": 1, + "misp-attribute": "text" + }, + "phishing-domain": { + "description": "Domain used for Phishing", + "multiple": true, + "ui-priority": 1, + "misp-attribute": "url" + }, + "online": { + "disable_correlation": true, + "misp-attribute": "text", + "values_list": [ + "Yes", + "No" + ], + "ui-priority": 0, + "description": "If the phishing kit is online and operational, by default is yes" + }, + "kit-url": { + "misp-attribute": "url", + "ui-priority": 1, + "description": "URL of Phishing Kit" + }, + "threat-actor": { + "description": "Identified threat actor", + "ui-priority": 0, + "multiple": true, + "misp-attribute": "text" + }, + "kit-name": { + "description": "Name of the Phishing Kit", + "ui-priority": 10, + "misp-attribute": "text" + } + }, + "requiredOneOf": [ + "kit-url", + "reference-link", + "kit-name", + "kit-hash" + ] +} diff --git a/relationships/definition.json b/relationships/definition.json index 873fdb1..0c1a8a2 100644 --- a/relationships/definition.json +++ b/relationships/definition.json @@ -939,7 +939,8 @@ "name": "creates", "description": "Represents an object that creates something.", "format": [ - "misp" + "misp", + "haxpak" ] } ],