Raphaël Vinot
8c178fd837
fix: Make JQ happy.
2018-01-23 10:43:36 +01:00
garanews
0f3b8195f5
sandbox-signature
...
Added object sb-signature
2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy
90e72d5895
fix: person object updated to match AML client record + various fixes
2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy
cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program
2018-01-22 13:34:33 +01:00
kx499
1f061ce2ed
Merge remote-tracking branch 'upstream/master'
2018-01-18 10:49:57 -05:00
Alexandre Dulaunoy
c75015e1a6
fix: registry-key updated
2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy
c04d56d7cd
remove registry hive because registry-key is enough
2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy
94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and
...
value (and associated data if any)
2018-01-18 12:54:01 +01:00
Alexandre Dulaunoy
90475bcf9c
fix: We are in 2018
2018-01-14 23:40:32 +01:00
Alexandre Dulaunoy
21e58b3ddf
Merge pull request #68 from yodresh/patch-1
...
Update SS7-attack definition.json
2018-01-11 12:26:40 +01:00
Alexandre De Oliveira
1b42b02c99
Update definition.json
...
Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
Alexandre Dulaunoy
2edd725466
Merge pull request #66 from c-goes/sandbox_report_object
...
added sandbox-report object
2018-01-09 12:02:33 +01:00
c-goes
f92eb6e1b7
added sandbox-report object
2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy
735ebf26bc
fix: annotation object
2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy
eafb54fd07
add: An annotation object allowing analysts to add annotations,
...
comments, executive summary to a MISP event, objects or attributes.
2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy
1008428476
fix: add missing attribute type for the state
2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy
71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished
...
security vulnerability
2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy
60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in
...
SS7 logging.
2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy
8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks.
2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy
17373f6130
fix: GTPInterface updated
2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy
93f8c7e9d3
fix: GTP attack - multiple on GTP interface
2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy
60d5767e8b
add: first version of a MISP object to describe GTP attack on
...
GSM/UTMS/3G network.
2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy
875f97dce1
add: new relationship "drops" - This relationship describes an object which drops another object
2018-01-04 14:41:40 +01:00
Alexandre Dulaunoy
7ebda41b4a
fix: disable correlation on fields where is not needed
2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy
b4d30b1419
fix: disable correlation on microblog type (Twitter or alike)
2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy
5cd069acdd
fix: disable correlation on all filename-*
2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy
3aea2f2950
fix: Disable correlation on filename by default
2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy
1460d055a0
add: new stix2-pattern object to include STIX 2 patterning
2017-12-21 16:16:33 +01:00
Alexandre Dulaunoy
285635c04c
Merge pull request #61 from cvandeplas/master
...
whois - adds nameserver attributes
2017-12-20 22:19:11 +01:00
Christophe Vandeplas
9de7423501
whois - adds nameserver attributes
...
adding nameserver attributes as a whois response contains those
2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy
871b86e35f
fix: Update registry-key to match correct MISP attributes
2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy
cf7aa00f98
chg: whois object now includes registrant-org matching new MISP
...
attributes type - whois-registrant-org
2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy
b85438fc45
Fix: x509 object now uses the new and proper fp type
2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy
de36d3b735
jq all the things!
2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy
75f9af5464
Merge pull request #41 from truckydev/patch-1
...
regex addon
2017-12-12 21:42:13 +01:00
Raphaël Vinot
4a7bb59354
chg: Allow malware-sample as only attribute in file.
2017-12-12 17:16:47 +01:00
Alexandre Dulaunoy
4eac3539c4
Merge pull request #58 from c-goes/master
...
disable correlation for last-seen/first-seen/text
2017-12-05 11:33:59 +01:00
c-goes
fbccdfef24
disable correlation for last-seen/first-seen/text
2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy
2caceee940
android-permission and coin-address added
2017-12-04 16:15:07 +01:00
Alexandre Dulaunoy
f5d1742bae
Merge pull request #57 from c-goes/coin-address
...
Coin address object
2017-12-04 16:00:22 +01:00
c-goes
bc01c0c4b8
added coin-address object(2)
2017-12-04 15:43:49 +01:00
c-goes
bb0788e267
added coin-address object
2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy
b4cae64392
Never trust standards using Google docs to store list of machine parsable information.
...
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy
c3f88d6901
State of the file is no more correlated - and default state value is Malicious.
2017-12-04 11:01:56 +01:00
Alexandre Dulaunoy
e4f0270a42
Merge pull request #56 from c-goes/victim_wip
...
Victim object extended, attributes changed
2017-12-04 10:56:05 +01:00
c-goes
3fc7ce2f7d
victim object: changed attributes, added object relations(2)
2017-12-04 10:49:44 +01:00
c-goes
7fadc89ed8
victim object: changed attributes, added object relations
2017-12-04 10:48:01 +01:00
kx499
01df8c715e
Added employee-type
2017-12-03 21:39:23 -05:00
Alexandre Dulaunoy
82f440931c
Disable correlation on classification on the victim object
2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy
a258d79fef
Typo fixed
2017-12-03 11:42:56 +01:00