MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
1,933 Commits
6 Branches
44 Tags
11 MiB
Commit Graph

1327 Commits (main)

Author SHA1 Message Date
Alexandre Dulaunoy 5a54cf6505
chg: [phishing] add an IP field for phishing website hosted on IP address or where the IP is important for the analytics 2024-06-25 09:11:17 +02:00
Alexandre Dulaunoy e3288ef6e5
fix: [ddos-claim] descriptions fixed following CERT-SE feedback 2024-06-18 09:52:57 +02:00
Alexandre Dulaunoy 1af532033b
fix: [ddos-claim] clarify the validity based on CERT-EU feedback 2024-06-14 08:09:20 +02:00
Alexandre Dulaunoy 386530d73a
new: [ddos-claim] new object added describing DDoS claim (a discussed st 
FIRST2024
 2024-06-14 07:42:28 +02:00
samitainio 23faffab2e chg: remove categories and object_relation definitions from phone-number 2024-06-09 22:39:41 +03:00
samitainio 0b971906ad Add: phone-number object 2024-06-09 22:30:04 +03:00
Alexandre Dulaunoy ffd9120eb1
fix: [research-scanner] version updated 2024-05-27 10:22:53 +02:00
Martin Waleczek 97eb9b974d add 'hostname' for scanning host to object 'research-scanner' 2024-05-24 10:20:40 +02:00
Alexandre Dulaunoy a193e03ad2
chg: [cs-beacon-config] encoded-data as file attachment instead of text 
As encoded-data might be large and not really useful to be displayed in
the UI of MISP. We moved it to an `attachment` attribute type.

We keep the `attachment` as Base64 to avoid any risk of people
downloading or executing as potential malicious file. So it MUST be
encoded in Base64 as it was before.
 2024-05-07 09:36:13 +02:00
Alexandre Dulaunoy e65878874e
chg: [organization] add a MISP UUID if present 2024-05-03 22:04:04 +02:00
iglocska 73d94b8e2d
fix: [jq] all the things 2024-05-02 13:23:48 +02:00
Andras Iklody da5a569784
organization object 
- Added "private" to the list of sectors as suggested by Monsieur Hamm.
 2024-05-02 13:18:19 +02:00
Alexandre Dulaunoy c83372377e
chg: [registry-key] jq all the things 2024-04-25 11:20:46 +02:00
Christophe Vandeplas 28328aa53d
chg: [registry-key] added Artifacts dropped as potential category 2024-04-25 11:18:26 +02:00
Alexandre Dulaunoy 2061c353fe
fix: [ransomware-group-post] added the missing descriptions for `actor-geo-stats-30d` and `actor-total-stats-30d` 2024-04-24 16:47:47 +02:00
Alexandre Dulaunoy 42b48439da
chg: [ransomware-group-post] severity field sane default added 2024-04-24 16:42:39 +02:00
Alexandre Dulaunoy 9f98d15a6f
fix: [cs-beacong-config] typo fixed 2024-04-24 16:29:33 +02:00
Alexandre Dulaunoy f3724ad19b
fix: [cs-beacon-config] updated the NAICS description 2024-04-24 16:23:53 +02:00
Alexandre Dulaunoy 7f95d3290a
chg: [cs-beacon-config] major update following shadowserver.org requirements 
- Fixed some matching type instead of text (like size-in-bytes or integer)
- Added many fields and replace name with `_` to `-`
- Added some basic description
 2024-04-24 16:19:47 +02:00
Alexandre Dulaunoy 3d78e17c4b
chg: [ransomware-group-post] updated with shadowserver object template 
format

- underscores replaced with hyphen
- descriptions added
- decorrelation added for some fields
 2024-04-24 15:19:02 +02:00
Alexandre Dulaunoy 16b354c04c
chg: [instant-message] remove newlines 2024-04-24 14:30:19 +02:00
menewol 93b43a3191
Added Mattermost 2024-04-24 14:11:50 +02:00
David Cruciani b10d4680bc
Merge branch 'MISP:main' into main 2024-04-18 14:40:59 +02:00
David Cruciani 051605763e
chg: [flowintel-cm] notes 2024-04-18 14:40:16 +02:00
Christophe Vandeplas b37c347792
Merge pull request #424 from cvandeplas/main 
new: Generalizing Persuasion (GP) Framework
 2024-04-14 07:53:09 +02:00
Christophe Vandeplas f267c28d1f
new: [gpf] Split actors_speaker and settings_competition into more 2024-04-14 07:26:53 +02:00
Christian Studer e970e8d5a6
Merge branch 'main' of github.com:MISP/misp-objects 2024-04-13 12:25:17 +02:00
Christian Studer 2fe584ca6f
fix: Changed a few attribute types in different template 2024-04-13 12:24:58 +02:00
Alexandre Dulaunoy 223b7342d8
chg: [news-media] add governmental communication and also news agency 
source (including alert type)
 2024-04-12 10:22:53 +02:00
Christophe Vandeplas 8fe87ab6bc
new: [gpf] Added Generalizing Persuasion Framework 2024-04-12 08:09:52 +02:00
Christian Studer b2de8dd7c7
chg: [network-traffic] Going for the `protocol` attribute in singular 2024-04-11 12:04:55 +02:00
Christian Studer 712ab7f10a
fix: [network-connection] Using the `size-in-bytes` attribute type for information expressed in bytes 2024-04-11 09:42:06 +02:00
Christian Studer 661c71e35e
add: [network-traffic] Generic Network Traffic object 
- Following the STIX 2.1 spec
 2024-04-10 11:13:16 +02:00
Alexandre Dulaunoy dc52c10844
chg: [cert-pl-phishing] fixed 2024-04-04 16:53:46 +02:00
Alexandre Dulaunoy ea48921444
chg: [cert-pl-phishing] fixed 2024-04-04 16:48:33 +02:00
Alexandre Dulaunoy 4c661b7747
new: [cert-pl-phishing] first draft of a template for the CERT.PL 
phishing system
 2024-04-04 16:45:33 +02:00
Christian Studer 5b95994bdd
fix: [pe] Removing the `disable_correlation` flag for a `size-in-bytes` attribute type 2024-04-03 17:33:30 +02:00
Christian Studer 980ab615ec
add: [pe-optional-header] New object template for PE optional headers 2024-04-03 17:32:47 +02:00
Christian Studer f247f04548
Merge branch 'main' of github.com:MISP/misp-objects 2024-04-03 14:38:38 +02:00
Christian Studer fba223520a
fix: [pe] Sizes in the PE format should be in bytes 2024-04-03 14:37:55 +02:00
Alexandre Dulaunoy d905c08031
fix: [pe] typo fixed 2024-04-03 14:29:36 +02:00
Christian Studer 2afdb6104b
fix: [pe] `counter` makes more sense here 2024-04-03 14:08:17 +02:00
Christian Studer e042ac127a
chg: [pe] Using the new `integer` attribute type 2024-04-03 13:31:32 +02:00
Christian Studer eb1536f505
chg: [pe] Added `characteristics` & `machine-type` enumerations 
- Characteristics are usually in a list, so we
  have now both the list of characteristics with
  their name, and the hex value of the addition
  of all the characteristics numeric values
- We represent the machine type with its name
 2024-04-03 11:19:16 +02:00
Christian Studer ad952beb60
add: [pe] Added some PE fields as available with `lief` API 2024-04-02 21:21:38 +02:00
Alexandre Dulaunoy b023d0a3de
chg: [ddos] object type alone authorized if the source/target cannot be 
disclosed
 2024-03-29 16:22:07 +01:00
Sebastien Larinier d6af105b45 Add software impacted by exploit 2024-03-18 14:19:35 +00:00
Alexandre Dulaunoy ab963cdb5b
chg: [command-line] added sane_default 2024-03-16 09:48:29 +01:00
Alexandre Dulaunoy 322e451c3c
Merge branch 'main' of https://github.com/sebdraven/misp-objects into sebdraven-main 2024-03-16 09:46:59 +01:00
goodlandsecurity fac453a247
fixed parse error 2024-03-15 14:04:07 -05:00
goodlandsecurity 11bf472d8e
forgot multiple flag on two attributes 2024-03-15 13:52:09 -05:00
goodlandsecurity c3f17d6060
adding stairwell object 2024-03-15 12:05:03 -05:00
Sebastien Larinier acfef2f5e8 change type of ans name 2024-03-07 12:02:23 +00:00
Sebastien Larinier 53572fe294 fix typo of description 2024-03-07 10:12:21 +00:00
Sebastien Larinier 9c03f6ab9d add software for cmd line and change type 2024-03-07 10:10:36 +00:00
Alexandre Dulaunoy c72ec74070
fix: [cs-beacon-config] Partial info from CS beacon are possible 
Fix #417 - Thanks to @sebdraven
 2024-03-06 07:24:37 +01:00
Christos Arvanitis a367c43eb9 Disable correlation for IntelMQ time fields 2024-03-05 11:22:17 +01:00
Alexandre Dulaunoy 173af552aa
chg: [person/organization] `impersonated` added to the role of person 
and organization templates

Thanks to NRC Cyber Security for the idea.
 2024-03-05 08:59:45 +01:00
Christian Studer 3ac509965f
add: [process] Environment variables attribute 2024-01-30 15:19:54 +01:00
Christian Studer 7c565093df
chg: [artifact] Changed the `payload_bin` attribute to attachment type 2024-01-19 23:15:41 +01:00
David Cruciani 401c34f6f3
chg: [flowintel-task] add case-uuid 2024-01-15 09:11:00 +01:00
David Cruciani 248e7a95dc
chg: [validation] jq all 2024-01-10 12:07:32 +01:00
David Cruciani 55917fe94c
chg: [version] v2 2024-01-10 11:52:10 +01:00
David Cruciani b407a9d046
chg: [url] to_ids 2024-01-10 11:49:54 +01:00
David Cruciani 156fa7a07e
chg: [flowintel] typo + uuid+origin-url 2023-12-14 16:14:44 +01:00
David Cruciani b657128758
new: [object] flowintel-cm 2023-12-14 15:58:46 +01:00
Alexandre Dulaunoy 587b298e1e
chg: [shadowserver-malware-url-report] resource path added to improve 
correlation aspects
 2023-12-08 15:18:32 +01:00
Alexandre Dulaunoy fcd2cf2445
chg: [cs-beacon-config] updated to add details requested by ShadowServer 2023-12-07 10:54:40 +01:00
Alexandre Dulaunoy 7f77dbe685
chg: [shadowserver-malware-url-report] sane default added for severity 
Ref: https://github.com/The-Shadowserver-Foundation/report_schema/blob/main/severity.md
 2023-12-07 08:50:15 +01:00
Alexandre Dulaunoy f02af50725
chg: [shadowserver-malware-url-report] sane_default added 2023-12-06 09:50:54 +01:00
Alexandre Dulaunoy 23e41b2262
chg: [shadowserver-malware-url-report] severity added 2023-12-06 09:46:08 +01:00
Alexandre Dulaunoy 047d442311
fix: [report] typo fixed 2023-12-06 09:32:13 +01:00
Alexandre Dulaunoy 08db16c162
chg: [report] `title` field added to the report object template 2023-12-06 09:05:16 +01:00
Alexandre Dulaunoy c536f2f318
fix: [shadowserver-malware-url-report] `port` field added 2023-12-06 08:45:51 +01:00
Alexandre Dulaunoy a240e70334
fix: [victim] object updated 2023-12-05 20:58:22 +01:00
Matthieu Faou 5a19c46498
Changed academic research to academia - university to align with the sector cluster 2023-12-05 12:25:32 -05:00
Matthieu Faou d7007fe456
Added 5 sectors to the victim object 2023-12-05 11:50:38 -05:00
Alexandre Dulaunoy c18a240153
new: [shadowserver-malware-url-report] first version 
Transposition of the `malware_url` from Shadowserver
 2023-11-22 09:20:56 +01:00
Matthijs van P fd90274503
Merge branch 'MISP:main' into main 2023-11-21 14:03:33 +01:00
Alexandre Dulaunoy d4b6596a9d
fix: [crowdstrike-report] jq all the things 2023-11-21 08:20:35 +01:00
akshayjain-1 516d5ac668
Update definition.json 
Changed the file hash attribute type to sha256 from text
 2023-11-20 13:54:12 -05:00
akshayjain-1 feeaa600b7
Create definition.json for Crowdstrike report 2023-11-20 12:09:18 -05:00
Matthijs van Polen f90ff8c3c0 [attack-step] Fixed typo, added multiples. 2023-11-10 15:18:48 +01:00
Christian Studer 8fb566fc60
add: [intrusion-set] Added `first_seen` & `last_seen` attributes 2023-11-09 12:10:52 +01:00
Alexandre Dulaunoy 0e4c819354
Merge pull request #405 from bynt/main 
new misp-object: c2-list
 2023-11-07 21:19:55 +01:00
Christian Studer d1653d9783
add: [user-account] Added email attribute 2023-10-31 15:49:44 +01:00
Alexandre Dulaunoy 5feb052732
chg: [cs-beacon-config] some updates 2023-10-13 16:29:01 +02:00
Alexandre Dulaunoy 3c2b62d3c3
chg: [cryptocurrency-transaction] fix the UUID 2023-09-28 10:18:32 +02:00
Alexandre Dulaunoy 40323d411e
new: [cryptocurrency-transaction] generic transaction object for any 
cryptocurrency
 2023-09-28 10:14:34 +02:00
Alexandre Dulaunoy 64e37f4bc8
chg: [coin-address] add a generic crypto address if the address format 
is not known or supported
 2023-09-28 10:06:02 +02:00
Martin Waleczek 652f0f7120 reorder elements 2023-09-19 17:05:06 +02:00
Martin Waleczek aa3bbd44fa add c2-ip to definition.json 2023-09-19 16:58:06 +02:00
Martin Waleczek 4e10e5501e add definition.json for c2-list 2023-09-19 16:31:10 +02:00
Christian Studer bb21ca8350
fix: [ilr-notification-incident] Typo 2023-09-14 16:58:22 +02:00
Alexandre Dulaunoy 0edf925a59
chg: [email] email-body-attachment added 2023-09-11 11:28:39 +02:00
Alexandre Dulaunoy d32f9b1add
fix: [virustotal-report] bump version 2023-09-01 09:34:08 +02:00
Christian Studer 1ddb03e342
fix: [artifact] Properly JQed the end of file 2023-08-17 14:49:44 +02:00
Christian Studer 9a63309ba4
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes 
- A change to adopt the same logic as file objects
  regarding the different hash values
- In STIX 2.1 an Artifact object is not necessarily
  linked to a File object and both referenced by
  an Observed Data object. In some cases Artifact
  objects are referenced for instance by Malware
  objects, in which case they describe the actual
  malware sample. It is then usefull to have the
  different hash values in single attributes rather
  than concatenated in a text attribute
 2023-08-16 23:25:32 +02:00
Christian Studer b87cafc35e
fix: [malware] Fixed `is_family` attribute type 2023-08-10 11:39:44 +02:00
Christian Studer a9f836f751 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2023-08-10 10:00:47 +02:00