MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
1,847 Commits
4 Branches
37 Tags
10 MiB
Commit Graph

1269 Commits (main)

Author SHA1 Message Date
Alexandre Dulaunoy a193e03ad2
chg: [cs-beacon-config] encoded-data as file attachment instead of text 
As encoded-data might be large and not really useful to be displayed in
the UI of MISP. We moved it to an `attachment` attribute type.

We keep the `attachment` as Base64 to avoid any risk of people
downloading or executing as potential malicious file. So it MUST be
encoded in Base64 as it was before.
 2024-05-07 09:36:13 +02:00
Alexandre Dulaunoy e65878874e
chg: [organization] add a MISP UUID if present 2024-05-03 22:04:04 +02:00
iglocska 73d94b8e2d
fix: [jq] all the things 2024-05-02 13:23:48 +02:00
Andras Iklody da5a569784
organization object 
- Added "private" to the list of sectors as suggested by Monsieur Hamm.
 2024-05-02 13:18:19 +02:00
Alexandre Dulaunoy c83372377e
chg: [registry-key] jq all the things 2024-04-25 11:20:46 +02:00
Christophe Vandeplas 28328aa53d
chg: [registry-key] added Artifacts dropped as potential category 2024-04-25 11:18:26 +02:00
Alexandre Dulaunoy 2061c353fe
fix: [ransomware-group-post] added the missing descriptions for `actor-geo-stats-30d` and `actor-total-stats-30d` 2024-04-24 16:47:47 +02:00
Alexandre Dulaunoy 42b48439da
chg: [ransomware-group-post] severity field sane default added 2024-04-24 16:42:39 +02:00
Alexandre Dulaunoy 9f98d15a6f
fix: [cs-beacong-config] typo fixed 2024-04-24 16:29:33 +02:00
Alexandre Dulaunoy f3724ad19b
fix: [cs-beacon-config] updated the NAICS description 2024-04-24 16:23:53 +02:00
Alexandre Dulaunoy 7f95d3290a
chg: [cs-beacon-config] major update following shadowserver.org requirements 
- Fixed some matching type instead of text (like size-in-bytes or integer)
- Added many fields and replace name with `_` to `-`
- Added some basic description
 2024-04-24 16:19:47 +02:00
Alexandre Dulaunoy 3d78e17c4b
chg: [ransomware-group-post] updated with shadowserver object template 
format

- underscores replaced with hyphen
- descriptions added
- decorrelation added for some fields
 2024-04-24 15:19:02 +02:00
Alexandre Dulaunoy 16b354c04c
chg: [instant-message] remove newlines 2024-04-24 14:30:19 +02:00
menewol 93b43a3191
Added Mattermost 2024-04-24 14:11:50 +02:00
David Cruciani b10d4680bc
Merge branch 'MISP:main' into main 2024-04-18 14:40:59 +02:00
David Cruciani 051605763e
chg: [flowintel-cm] notes 2024-04-18 14:40:16 +02:00
Christophe Vandeplas b37c347792
Merge pull request #424 from cvandeplas/main 
new: Generalizing Persuasion (GP) Framework
 2024-04-14 07:53:09 +02:00
Christophe Vandeplas f267c28d1f
new: [gpf] Split actors_speaker and settings_competition into more 2024-04-14 07:26:53 +02:00
Christian Studer e970e8d5a6
Merge branch 'main' of github.com:MISP/misp-objects 2024-04-13 12:25:17 +02:00
Christian Studer 2fe584ca6f
fix: Changed a few attribute types in different template 2024-04-13 12:24:58 +02:00
Alexandre Dulaunoy 223b7342d8
chg: [news-media] add governmental communication and also news agency 
source (including alert type)
 2024-04-12 10:22:53 +02:00
Christophe Vandeplas 8fe87ab6bc
new: [gpf] Added Generalizing Persuasion Framework 2024-04-12 08:09:52 +02:00
Christian Studer b2de8dd7c7
chg: [network-traffic] Going for the `protocol` attribute in singular 2024-04-11 12:04:55 +02:00
Christian Studer 712ab7f10a
fix: [network-connection] Using the `size-in-bytes` attribute type for information expressed in bytes 2024-04-11 09:42:06 +02:00
Christian Studer 661c71e35e
add: [network-traffic] Generic Network Traffic object 
- Following the STIX 2.1 spec
 2024-04-10 11:13:16 +02:00
Alexandre Dulaunoy dc52c10844
chg: [cert-pl-phishing] fixed 2024-04-04 16:53:46 +02:00
Alexandre Dulaunoy ea48921444
chg: [cert-pl-phishing] fixed 2024-04-04 16:48:33 +02:00
Alexandre Dulaunoy 4c661b7747
new: [cert-pl-phishing] first draft of a template for the CERT.PL 
phishing system
 2024-04-04 16:45:33 +02:00
Christian Studer 5b95994bdd
fix: [pe] Removing the `disable_correlation` flag for a `size-in-bytes` attribute type 2024-04-03 17:33:30 +02:00
Christian Studer 980ab615ec
add: [pe-optional-header] New object template for PE optional headers 2024-04-03 17:32:47 +02:00
Christian Studer f247f04548
Merge branch 'main' of github.com:MISP/misp-objects 2024-04-03 14:38:38 +02:00
Christian Studer fba223520a
fix: [pe] Sizes in the PE format should be in bytes 2024-04-03 14:37:55 +02:00
Alexandre Dulaunoy d905c08031
fix: [pe] typo fixed 2024-04-03 14:29:36 +02:00
Christian Studer 2afdb6104b
fix: [pe] `counter` makes more sense here 2024-04-03 14:08:17 +02:00
Christian Studer e042ac127a
chg: [pe] Using the new `integer` attribute type 2024-04-03 13:31:32 +02:00
Christian Studer eb1536f505
chg: [pe] Added `characteristics` & `machine-type` enumerations 
- Characteristics are usually in a list, so we
  have now both the list of characteristics with
  their name, and the hex value of the addition
  of all the characteristics numeric values
- We represent the machine type with its name
 2024-04-03 11:19:16 +02:00
Christian Studer ad952beb60
add: [pe] Added some PE fields as available with `lief` API 2024-04-02 21:21:38 +02:00
Alexandre Dulaunoy b023d0a3de
chg: [ddos] object type alone authorized if the source/target cannot be 
disclosed
 2024-03-29 16:22:07 +01:00
Sebastien Larinier d6af105b45 Add software impacted by exploit 2024-03-18 14:19:35 +00:00
Alexandre Dulaunoy ab963cdb5b
chg: [command-line] added sane_default 2024-03-16 09:48:29 +01:00
Alexandre Dulaunoy 322e451c3c
Merge branch 'main' of https://github.com/sebdraven/misp-objects into sebdraven-main 2024-03-16 09:46:59 +01:00
goodlandsecurity fac453a247
fixed parse error 2024-03-15 14:04:07 -05:00
goodlandsecurity 11bf472d8e
forgot multiple flag on two attributes 2024-03-15 13:52:09 -05:00
goodlandsecurity c3f17d6060
adding stairwell object 2024-03-15 12:05:03 -05:00
Sebastien Larinier acfef2f5e8 change type of ans name 2024-03-07 12:02:23 +00:00
Sebastien Larinier 53572fe294 fix typo of description 2024-03-07 10:12:21 +00:00
Sebastien Larinier 9c03f6ab9d add software for cmd line and change type 2024-03-07 10:10:36 +00:00
Alexandre Dulaunoy c72ec74070
fix: [cs-beacon-config] Partial info from CS beacon are possible 
Fix #417 - Thanks to @sebdraven
 2024-03-06 07:24:37 +01:00
Christos Arvanitis a367c43eb9 Disable correlation for IntelMQ time fields 2024-03-05 11:22:17 +01:00
Alexandre Dulaunoy 173af552aa
chg: [person/organization] `impersonated` added to the role of person 
and organization templates

Thanks to NRC Cyber Security for the idea.
 2024-03-05 08:59:45 +01:00