MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
329 Commits
4 Branches
39 Tags
10 MiB
Commit Graph

329 Commits (0f3b8195f5d483812d28d91f6911428f3fbbb826)

Author SHA1 Message Date
garanews 0f3b8195f5 sandbox-signature 
Added object sb-signature
 2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy 90e72d5895
fix: person object updated to match AML client record + various fixes 2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program 2018-01-22 13:34:33 +01:00
Alexandre Dulaunoy c75015e1a6
fix: registry-key updated 2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy c04d56d7cd
remove registry hive because registry-key is enough 2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy 94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and 
value (and associated data if any)
 2018-01-18 12:54:01 +01:00
Alexandre Dulaunoy 90475bcf9c
fix: We are in 2018 2018-01-14 23:40:32 +01:00
Alexandre Dulaunoy 21e58b3ddf
Merge pull request #68 from yodresh/patch-1 
Update SS7-attack definition.json
 2018-01-11 12:26:40 +01:00
Alexandre De Oliveira 1b42b02c99
Update definition.json 
Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
 2018-01-11 11:52:11 +01:00
Alexandre Dulaunoy 2edd725466
Merge pull request #66 from c-goes/sandbox_report_object 
added sandbox-report object
 2018-01-09 12:02:33 +01:00
c-goes f92eb6e1b7 added sandbox-report object 2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy 735ebf26bc
fix: annotation object 2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy eafb54fd07
add: An annotation object allowing analysts to add annotations, 
comments, executive summary to a MISP event, objects or attributes.
 2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy 1008428476
fix: add missing attribute type for the state 2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy 71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished 
security vulnerability
 2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy 60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in 
SS7 logging.
 2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy 8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks. 2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy 17373f6130
fix: GTPInterface updated 2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy 93f8c7e9d3
fix: GTP attack - multiple on GTP interface 2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy 60d5767e8b
add: first version of a MISP object to describe GTP attack on 
GSM/UTMS/3G network.
 2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy 875f97dce1
add: new relationship "drops" - This relationship describes an object which drops another object 2018-01-04 14:41:40 +01:00
Alexandre Dulaunoy 7ebda41b4a
fix: disable correlation on fields where is not needed 2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy b4d30b1419
fix: disable correlation on microblog type (Twitter or alike) 2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy 5cd069acdd
fix: disable correlation on all filename-* 2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy 3aea2f2950
fix: Disable correlation on filename by default 2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy 1460d055a0
add: new stix2-pattern object to include STIX 2 patterning 2017-12-21 16:16:33 +01:00
Alexandre Dulaunoy 285635c04c
Merge pull request #61 from cvandeplas/master 
whois - adds nameserver attributes
 2017-12-20 22:19:11 +01:00
Christophe Vandeplas 9de7423501 whois - adds nameserver attributes 
adding nameserver attributes as a whois response contains those
 2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy 871b86e35f
fix: Update registry-key to match correct MISP attributes 2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy cf7aa00f98
chg: whois object now includes registrant-org matching new MISP 
attributes type - whois-registrant-org
 2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy b85438fc45
Fix: x509 object now uses the new and proper fp type 2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy de36d3b735
jq all the things! 2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy 75f9af5464
Merge pull request #41 from truckydev/patch-1 
regex addon
 2017-12-12 21:42:13 +01:00
Raphaël Vinot 4a7bb59354 chg: Allow malware-sample as only attribute in file. 2017-12-12 17:16:47 +01:00
Alexandre Dulaunoy 4eac3539c4
Merge pull request #58 from c-goes/master 
disable correlation for last-seen/first-seen/text
 2017-12-05 11:33:59 +01:00
c-goes fbccdfef24 disable correlation for last-seen/first-seen/text 2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy 2caceee940
android-permission and coin-address added 2017-12-04 16:15:07 +01:00
Alexandre Dulaunoy f5d1742bae
Merge pull request #57 from c-goes/coin-address 
Coin address object
 2017-12-04 16:00:22 +01:00
c-goes bc01c0c4b8 added coin-address object(2) 2017-12-04 15:43:49 +01:00
c-goes bb0788e267 added coin-address object 2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy b4cae64392
Never trust standards using Google docs to store list of machine parsable information. 
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
 2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy c3f88d6901
State of the file is no more correlated - and default state value is Malicious. 2017-12-04 11:01:56 +01:00
Alexandre Dulaunoy e4f0270a42
Merge pull request #56 from c-goes/victim_wip 
Victim object extended, attributes changed
 2017-12-04 10:56:05 +01:00
c-goes 3fc7ce2f7d victim object: changed attributes, added object relations(2) 2017-12-04 10:49:44 +01:00
c-goes 7fadc89ed8 victim object: changed attributes, added object relations 2017-12-04 10:48:01 +01:00
Alexandre Dulaunoy 82f440931c
Disable correlation on classification on the victim object 2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy a258d79fef
Typo fixed 2017-12-03 11:42:56 +01:00
Alexandre Dulaunoy e11e95415a
add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE) 2017-12-03 11:36:22 +01:00
Alexandre Dulaunoy 04d38118d1
registar->registrar 2017-12-02 23:08:56 +01:00
Alexandre Dulaunoy 465251bf43
fix: update android permissions based on Google latest list 2017-11-28 15:59:01 +01:00