Commit Graph

1304 Commits (81968ba088dd3e0b6a0988f23485361b92a14bfc)

Author SHA1 Message Date
Alexandre Dulaunoy c536f2f318
fix: [shadowserver-malware-url-report] `port` field added 2023-12-06 08:45:51 +01:00
Alexandre Dulaunoy a240e70334
fix: [victim] object updated 2023-12-05 20:58:22 +01:00
Matthieu Faou 5a19c46498
Changed academic research to academia - university to align with the sector cluster 2023-12-05 12:25:32 -05:00
Matthieu Faou d7007fe456
Added 5 sectors to the victim object 2023-12-05 11:50:38 -05:00
Alexandre Dulaunoy c18a240153
new: [shadowserver-malware-url-report] first version
Transposition of the `malware_url` from Shadowserver
2023-11-22 09:20:56 +01:00
Matthijs van P fd90274503
Merge branch 'MISP:main' into main 2023-11-21 14:03:33 +01:00
Alexandre Dulaunoy d4b6596a9d
fix: [crowdstrike-report] jq all the things 2023-11-21 08:20:35 +01:00
akshayjain-1 516d5ac668
Update definition.json
Changed the file hash attribute type to sha256 from text
2023-11-20 13:54:12 -05:00
akshayjain-1 feeaa600b7
Create definition.json for Crowdstrike report 2023-11-20 12:09:18 -05:00
Matthijs van Polen f90ff8c3c0 [attack-step] Fixed typo, added multiples. 2023-11-10 15:18:48 +01:00
Christian Studer 8fb566fc60
add: [intrusion-set] Added `first_seen` & `last_seen` attributes 2023-11-09 12:10:52 +01:00
Alexandre Dulaunoy 0e4c819354
Merge pull request #405 from bynt/main
new misp-object: c2-list
2023-11-07 21:19:55 +01:00
Christian Studer d1653d9783
add: [user-account] Added email attribute 2023-10-31 15:49:44 +01:00
Alexandre Dulaunoy 5feb052732
chg: [cs-beacon-config] some updates 2023-10-13 16:29:01 +02:00
Alexandre Dulaunoy 3c2b62d3c3
chg: [cryptocurrency-transaction] fix the UUID 2023-09-28 10:18:32 +02:00
Alexandre Dulaunoy 40323d411e
new: [cryptocurrency-transaction] generic transaction object for any
cryptocurrency
2023-09-28 10:14:34 +02:00
Alexandre Dulaunoy 64e37f4bc8
chg: [coin-address] add a generic crypto address if the address format
is not known or supported
2023-09-28 10:06:02 +02:00
Martin Waleczek 652f0f7120 reorder elements 2023-09-19 17:05:06 +02:00
Martin Waleczek aa3bbd44fa add c2-ip to definition.json 2023-09-19 16:58:06 +02:00
Martin Waleczek 4e10e5501e add definition.json for c2-list 2023-09-19 16:31:10 +02:00
Christian Studer bb21ca8350
fix: [ilr-notification-incident] Typo 2023-09-14 16:58:22 +02:00
Alexandre Dulaunoy 0edf925a59
chg: [email] email-body-attachment added 2023-09-11 11:28:39 +02:00
Alexandre Dulaunoy d32f9b1add
fix: [virustotal-report] bump version 2023-09-01 09:34:08 +02:00
Christian Studer 1ddb03e342
fix: [artifact] Properly JQed the end of file 2023-08-17 14:49:44 +02:00
Christian Studer 9a63309ba4
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes
- A change to adopt the same logic as file objects
  regarding the different hash values
- In STIX 2.1 an Artifact object is not necessarily
  linked to a File object and both referenced by
  an Observed Data object. In some cases Artifact
  objects are referenced for instance by Malware
  objects, in which case they describe the actual
  malware sample. It is then usefull to have the
  different hash values in single attributes rather
  than concatenated in a text attribute
2023-08-16 23:25:32 +02:00
Christian Studer b87cafc35e
fix: [malware] Fixed `is_family` attribute type 2023-08-10 11:39:44 +02:00
Christian Studer a9f836f751 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2023-08-10 10:00:47 +02:00
Alexandre Dulaunoy 0037856e60
new: [x-header] new generic X header object for SMTP, HTTP and others 2023-08-07 14:36:24 +02:00
Alexandre Dulaunoy 3d81ef381c
fix: [scan-results] JSON and trailing comma ;-) 2023-08-03 10:47:45 +02:00
Alexandre Dulaunoy 2f5fb87c1a
Merge branch 'main' of https://github.com/mFaou/misp-objects into mFaou-main 2023-08-03 10:46:27 +02:00
Luciano Righetti 800d677af6
Merge pull request #398 from righel/add-sigmf-templates
new: add basic SigMF templates
2023-08-03 09:37:27 +02:00
Luciano Righetti 21b06c2f48 fix: jq all the things 2023-08-03 09:30:58 +02:00
Luciano Righetti 17a68d93ae fix: minor fixes 2023-08-03 08:07:47 +02:00
Luciano Righetti ac201f475a new: sigmf archive object 2023-08-03 08:07:33 +02:00
Matthieu Faou 0515870942
Added requiredOneOf to scan-result object definition 2023-08-02 15:35:12 -04:00
Matthieu Faou 56941c6e93
Removed the scan-result field requirement in the scan-result object 2023-08-01 16:33:23 -04:00
Alexandre Dulaunoy 4da05293d7
fix: [malware-config] typo fixed 2023-07-31 11:21:29 +02:00
Alexandre Dulaunoy fb0ffd5d4b
chg: [malware-config] to add attachment and description of the malware config 2023-07-31 11:17:23 +02:00
Alexandre Dulaunoy 17f71b39bd
chg: [scan-results] jq all the things 2023-07-28 22:25:37 +02:00
Matthieu Faou 5e201f4e0d
removed line break 2023-07-28 15:15:17 -04:00
Matthieu Faou 22477f7bc6
Added internet scanning tools to scan-result 2023-07-28 15:09:25 -04:00
Christian Studer 9486bbbab1
add: [malware] New object template to describe a malware 2023-07-25 16:30:00 +02:00
Christian Studer 5c830087a0
add: [malware-analysis] New object template to describe a static or dynamic analysis performed on a malware instance or family 2023-07-25 15:24:39 +02:00
417190e5c48babc7 ab1f97b881 chg: [ja3s] Add domain and hostname attributes 2023-07-20 10:24:42 +03:00
Alexandre Dulaunoy 0f5cbd49d0
Merge pull request #396 from MISP/chrisr3d_patch
New object templates to support new STIX 2.1 Incident extension objects
2023-07-19 08:39:56 +02:00
Steph S 32e21c8806 Fixed json formatting 2023-07-13 09:48:12 -04:00
Steph S c7bade5c8b Added a is-malicious attribute for abuseipdb and added a google-safe-browsing object for the google-safe-browsing expansion module 2023-07-13 09:25:26 -04:00
Luciano Righetti 316a4b07d1 new: add fft and waterfall attributes 2023-07-12 15:33:23 +02:00
Luciano Righetti ba6bad723b fix: jq all the things 2023-07-11 17:04:18 +02:00
Luciano Righetti 59d2a301b9 new: add basic SigMF templates 2023-07-11 16:54:11 +02:00
Steph S 1374b0c7f0 Added AbuseIPDB object template for the AbuseIPDB expansion module 2023-07-10 15:22:27 -04:00
Alexandre Dulaunoy e6864eb745
chg: [hhhash] newline fixed 2023-07-10 16:40:22 +02:00
Alexandre Dulaunoy f7da39c557
new: [hhhassh object] An object describing a HHHash object with the hash value along with the crawling parameters. For more information: https://www.foo.be/2023/07/HTTP-Headers-Hashing_HHHash 2023-07-10 16:38:12 +02:00
Christian Studer e215a0ff1a
add: [incident] Added the score attribute
- We will probably parse scores and build the
  attribute value the following way:
  "{name} - {description}: {score}"
2023-07-07 11:36:42 +02:00
Christian Studer ae62d5f9b3
fix: [impacts] Typo 2023-06-22 15:50:54 +02:00
Christian Studer 49a715e1cf
fix: [confidentiality-impact] JQed 2023-06-22 15:41:06 +02:00
Christian Studer e3556784b5
wip: [task] New object template for tasks as described in STIX 2.1 Incident object extensions 2023-06-22 15:39:02 +02:00
Christian Studer 3c17729f0e
wip: [impacts] New template for different types of impacts as described in STIX 2.1 Incident object extensions 2023-06-22 15:16:48 +02:00
Christian Studer c5c8f35fb4
wip: [event] New object template to describe events that can happen during an incident 2023-06-22 12:28:47 +02:00
Christian Studer 1a05a9f253
add: [incident] Added the required object relation 2023-06-22 12:28:04 +02:00
Christian Studer ef04ff8020
add: [incident] Incident object based on the STIX 2.1 Incident object as well as its core extension 2023-06-21 16:32:30 +02:00
Christian Studer f6d069dc3d
fix: [organization] Fixed missing comma
- Managed to improve the description too
2023-06-15 13:51:08 +02:00
Christian Studer 1f3b9312cc
add: [organization] Added the generic `contact_information` and `sector` fields for an organization 2023-06-15 13:27:55 +02:00
Alexandre Dulaunoy e26541e89e
Merge branch 'main' of github.com:MISP/misp-objects into main 2023-06-14 19:21:37 +02:00
Alexandre Dulaunoy 5d307f7c30
chg: [cookie] cookie can be also only a key or a value
This change is required for the AIL project export
2023-06-14 17:36:22 +02:00
Michael Trenker 241f4455ac ran jq_all_the_things.sh 2023-06-14 11:54:46 +00:00
Michael Trewen 25e1790e74 jq 2023-06-13 19:15:23 +02:00
Michael Trewen 71cc235a5d new:added Diamond Object 2023-06-13 10:47:28 +02:00
Christian Studer ec8645f421
add: [crowdsec-ip-context] Added the `false-positives` attribute that comes alongside with the `classifications` 2023-05-26 14:17:10 +02:00
Christian Studer 35285505a1
add: [crowdsec-ip-context] Added the classifications multiple attribute 2023-05-24 16:29:06 +02:00
Alexandre Dulaunoy 61608e5d44
chg: [scan-result] updated list of potential scanning tool
Source: https://gist.github.com/SteveClement/baf3a9ae0ba030283ecc30acd6f7c2ae
2023-05-24 11:03:47 +02:00
Alexandre Dulaunoy 20f567757d
chg: [scan-result] jq all the things 2023-05-22 14:08:34 +02:00
Alexandre Dulaunoy e33e893b44
new: [scan-result] object for scanning result
This is the metadata of a scanning result including the raw output of
the scan result.

This objects can be used for tools like Nessus or even source code
scanner to share the details about a scan.

For additional information such IP address or alike, other objects will
be used with the proper relationship added.
2023-05-22 14:04:48 +02:00
goodlandsecurity 4e5719f29a
adding cobalt strike beacon config object 2023-05-19 14:07:24 -05:00
Alexandre Dulaunoy a605792844
chg: [crowdsec] jq all the things 2023-05-12 10:34:19 +02:00
Alexandre Dulaunoy b0e5f39f26
Update definition.json 2023-05-12 10:31:33 +02:00
Alexandre Dulaunoy 65f4be51d5
chg: [crowdsec] updated 2023-05-12 08:52:19 +02:00
Alexandre Dulaunoy 3d736c427c
new: [crowdsec-ip-context] new initial object for crowdsec expansion 2023-05-11 16:52:24 +02:00
Alexandre Dulaunoy fd12a1bcd7
fix: [ai-chat-prompt] improved ai-chat-prompt template 2023-04-16 10:50:30 +02:00
Alexandre Dulaunoy 302697e045
chg: [ai-chat-prompt] ui-priority fixed 2023-04-15 16:38:13 +02:00
Alexandre Dulaunoy b81698ae10
new: [ai-chat-prompt] new object template for AI chat prompt such as ChatGPT
Following a discussion with @aaronkaplan in Vienna, this object is a
first version to describe an AI chat prompt. The template can describe
the model used, the actual quality of results and also what's the actor
context.

Reference #388
2023-04-15 16:31:22 +02:00
Alexandre Dulaunoy e1327d02bb
new: [risk-assessment-report] New object template Risk assessment report
To be used to share risk assessment report from risk assessment platform
such as [MONARC](https://github.com/monarc-project/).

This extension is done in the scope of the [NISDUC project](https://www.nisduc.eu/).

TODO: Maybe add a field for machine-readable version of the report
2023-04-13 10:41:39 +02:00
Christian Studer 9e4afdfb7a
add: [network-socket] Added MAC address attributes
- Even though they are not exactly part of the
  socket fields, it could be interesting to have
  them to have the information about them like
  they are described within the packets that are
  sent using the socket
2023-03-31 11:30:33 +02:00
Alexandre Dulaunoy b49c6824ba
chg: [greynoise-intelligence] JSON fixed 2023-03-10 15:34:32 +01:00
Brad Chiappetta 9b74873fe5 add greynoise-ip object 2023-03-10 09:16:49 -05:00
Christian Studer 1da4760dcc
fix: [network-connection, network-socket] Bytes count if also better with an S 2023-03-07 23:26:51 +01:00
Christian Studer 437808339e
fix: [network-connection, network-socket] Packets count is better with an S 2023-03-07 23:19:08 +01:00
Christian Studer 1cab455a56
fix: [network-socket] Typo 2023-03-07 16:54:30 +01:00
Christian Studer d71cdf367d
add: [network-socket] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:49:06 +01:00
Christian Studer 1651281d0b
add: [network-socket] Added the first & last packet seen object relation and made the protocol attribute multiple 2023-03-07 16:48:00 +01:00
Christian Studer 57beac3bc7
add: [network-connection] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:45:51 +01:00
Christian Studer 0e9ae98b49
add: [network-connection] Added a `last-packet-seen` attribute 2023-03-06 12:02:24 +01:00
Christian Studer 9c51feb43b
add: [network-connection] Added MAC address attributes 2023-03-03 14:55:09 +01:00
Christian Studer 4b5faf196b
add: [registry-key-value] New template to describe registry key values
- The `registry-key` object template includes
  already the `data`, `data-type` & `name` fields
  of a registry key value, but there is a
  limitation in the case of multiple registry key
  values
- In order to describe multiple registry key
  values, instead of adding a simple `multiple`
  field to the related and above mentioned fields,
  it is better to use the `registry-key-value`
  template so we know which data, data type and
  name values are related to a given registry key
  value
- It is then possible to have a reference between
  the registry key object and the related values
2023-03-01 20:50:30 +01:00
Raphaël Vinot f579209884 fix: forgot to jq all the things. 2023-03-01 15:13:39 +01:00
Raphaël Vinot 38cfc975b5 fix: [ais] invalid ref name in requirements 2023-02-28 13:14:13 +01:00
Raphaël Vinot ba80167846 chg: rename AIS -> ais to match the directory name. 2023-02-28 13:10:31 +01:00
Christian Studer 79bf12de68
add: [directory] New object template for directories 2023-02-27 10:56:31 +01:00
Christophe Vandeplas 0c7eb831d8 chg: [AIS] Addition of AIS maritime ship identification and tracking 2023-02-25 18:48:11 +08:00
Christian Studer 892b7ee70f
add: [file] Added creation, modification & access time attributes 2023-02-20 19:31:59 +01:00
Alexandre Dulaunoy d60112ee66
new: [ransomware-group-post] First draft object for ransomlook.io 2023-02-17 10:33:59 +01:00
Alexandre Dulaunoy 13f173a3ce
fix: [victim] format fixed 2023-02-02 10:58:30 +01:00
Alexandre Dulaunoy 89010c466c
Merge pull request #383 from nyx0/main
[victim] add information and cultural industries sector
2023-02-02 10:57:08 +01:00
Alexandre Dulaunoy cd27802aab
fix: [objects description] ref #384 - Grammar fixes included in the JSON files. 2023-02-02 10:51:32 +01:00
Thomas Dupuy 9b56d1f427 fix: [victim] replace tab with spaces 2023-02-01 16:56:32 +00:00
Thomas Dupuy 92ed5d48ad new: [victim] add information and cultural industries sector 2023-02-01 16:48:01 +00:00
Thomas Dupuy bd168c639a chg: [victim] sort sectors 2023-02-01 16:40:24 +00:00
Alexandre Dulaunoy fa39a64dc4
chg: [transport-ticket] update to add the type of ticket (e.g. boarding pass versus ticket) 2023-01-27 15:55:08 +01:00
Alexandre Dulaunoy 5a45977e23
fix: [transport-ticket] JSON orders 2023-01-27 15:33:22 +01:00
Alexandre Dulaunoy 81214acbbe
new: [transport-ticket] new object template to describe a transport ticket
Credits for the idea: Maxime Benoit
2023-01-27 15:30:32 +01:00
David Cruciani 350c9b07cf chg: [typosquatting] jq_all_the_things 2023-01-16 08:45:20 +01:00
David Cruciani 7518752dff add: [object] typosquatting-finder 2023-01-16 07:48:03 +01:00
Alexandre Dulaunoy 5cb7e98e20
fix: [victim] jq run 2023-01-06 15:08:28 +01:00
Thomas Dupuy 9e9540524d new: Add legal sector. 2023-01-04 17:10:18 +00:00
Alexandre Dulaunoy 322cbaa21e
fix: [vehicle] jq all the things 2022-12-30 07:37:54 +01:00
Andras Iklody 3e8730cc1f
fix: [language] Turning french fries into freedom fries 2022-12-23 08:59:16 +01:00
Alexandre Dulaunoy a3263d72d6
fix: [jq] all 2022-12-22 13:15:10 +01:00
Alexandre Dulaunoy c52481cac1
fix: [thaicert-group-cards] name is singular has a single value which
can be multiple
2022-12-22 13:12:05 +01:00
Alexandre Dulaunoy 2b65dedb4d
fix: [objects] jq all the things 2022-12-22 13:10:03 +01:00
Alexandre Dulaunoy 83930e211f
chg: [groups->thaicert-group-cards] to make it more logical 2022-12-22 13:08:34 +01:00
Alexandre Dulaunoy b9c512a71b
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00
th3r3d 56c6b9148c
Create definition
Faked persnona template inspired by MITRE
2022-12-12 19:03:29 +01:00
th3r3d 5ff1dff7b0
Create definition in groups
Inspired by threat actor group cards
2022-12-12 19:02:23 +01:00
th3r3d 262e2bee90
Created definition for ADS
For ADS framework - create
2022-12-12 19:01:23 +01:00
Alexandre Dulaunoy 858e485263
fix: [mactim-timeline-analysis] invalid UUID fixed 2022-12-11 13:03:18 +01:00
Alexandre Dulaunoy d491cde4b1
fix: [fail2ban] incorrect UUID fixed 2022-12-11 12:54:24 +01:00
Alexandre Dulaunoy 2787dc45d7
fix: [person] add a missing passport-creation date field. 2022-11-19 12:21:16 +01:00
Christian Studer b877eb0815
add: [exploit] Added `description` and `title` attributes 2022-10-23 23:11:48 +02:00
Delta-Sierra e7b9a8e7cf add username field in telegram-bot object 2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy 82c699cc5f
new: [telegram-bot] new object to describe Telegram bots 2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy 06df368890
new: [intrusion-set] based on the STIX 2.1 definition
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00
Alexandre Dulaunoy 35df5bad01
new: [exploit] Exploit object template to describe code or program used
to exploit specific vulnerabilities. The objet can be linked to
`vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00
Alexandre Dulaunoy 3cf9307b24
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-09-09 07:26:37 +02:00
Alexandre Dulaunoy fa26cdf15e
fix: [facebook-group] add an optional ID reference to the facebook id 2022-09-09 07:24:05 +02:00
Alexandre Dulaunoy fc51889b42
new: [facebook-reaction] new object to link reaction with facebook posts or alike 2022-09-09 07:21:59 +02:00
Alexandre Dulaunoy 3abfb19982
Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2
spearphishing-objects-v2
2022-08-26 08:53:49 +02:00
goodlandsecurity b258786935 jq_all_the_things 2022-08-25 16:03:59 -05:00
goodlandsecurity 26c2767228 allow multiple of certain types. bump version 2022-08-25 15:56:36 -05:00
Alexandre Dulaunoy ec351176f9
chg: [security-playbook] JSON fixed 2022-08-25 10:17:48 +02:00
Vasileios Mavroeidis 2771e2681f
Update definition.json
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a cacao playbook attached then we could have the UUIDV4 extracted from the "attachment" and put at the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a png then there is no way to associate it again with another security playbook object that has the same png as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy 9b9c838961
fix: [yara] add a reference link to the YARA object template 2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy 734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy 50f61a03be
chg: [scheduled-task] disable_correlation + clarification 2022-07-08 15:03:27 +02:00
Delta-Sierra 73c2462448 Windows Scheduled Task Object - First draft 2022-07-07 15:17:34 +02:00
matthijsvp 8e024f4863 chg: Fixed typo in disable_correlation 2022-07-01 16:59:03 +02:00
matthijsvp 896fb72735 Merge from master 2022-07-01 16:47:23 +02:00
Matthijs van P 29d7467de9
Merge branch 'MISP:main' into main 2022-07-01 16:43:49 +02:00
matthijsvp 593d80abd1 initial commit 2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy db5033f385
fix: [ftm-*] Fixing missing description - #363 2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy 85dd164dbb
fix: [ftm] missing description fix #363 2022-06-30 17:19:33 +02:00