Commit Graph

820 Commits (9185d69d14af77ebe4034cd330493f96f2fbcabd)

Author SHA1 Message Date
Raphaël Vinot 26a9d6b51f new: Objects and relations for FollowTheMoney 2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy 366a8bb121
chg: [boleto] JSON fixed 2020-05-04 13:19:59 +02:00
Carlos Borges 68fe7eed05
New object - Boleto
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial institution is allowed to generate boletos, that is a 40 digit number code.
This object will help institutions identify fraud sources and improve orgs' protection.
2020-05-03 00:02:40 -03:00
VVX7 bb600ce627 chg: [publication] modify requiredOneOf, contributor type to text attribute 2020-04-28 18:58:59 -04:00
VVX7 738f32e27b new: [publication] jq'd the object 2020-04-28 15:46:13 -04:00
VVX7 84633dbd32 new: [publication] add object to describe academic journals, books, etc. 2020-04-28 11:57:28 -04:00
Raphaël Vinot d9f1db590a chg: Sort all the entries in the templates by default 2020-04-26 02:13:18 +02:00
Raphaël Vinot 73d710cfbc fix: Align directory names with object name 2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy 3b5451c325
chg: [legal-entity] website and logo added for legal entity
Thanks to Emmanuel MANCIET for the proposal
2020-04-24 18:24:25 +02:00
VVX7 28b4b615ed chg: [object] add new microblog attributes, change some of the descriptions to make them clearer 2020-04-17 00:11:48 -04:00
VVX7 d50a9eeb13 new: [object] add scheduled-event, add social-media-group 2020-04-15 22:57:12 -04:00
VVX7 fae74bf73c Merge branch 'master' of https://github.com/misp/misp-objects 2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name 2020-04-15 09:39:32 +02:00
VVX7 efa53e812d chg: [object] update narrative required object fields 2020-04-10 01:39:05 -04:00
VVX7 1527dedb26 chg: [object] update narrative object fields 2020-04-08 09:45:49 -04:00
Christophe Vandeplas 87e3824d99
Merge pull request #244 from Golbark/x509_enhancements
chg: [x509] using built-in types wherever possible
2020-04-08 10:51:01 +02:00
Golbark 238c44041a chg: [x509] using built-in types wherever possible 2020-04-08 01:42:12 -07:00
VVX7 a7e9fd9697 chg: [object] disable correlation on some fields. add external references. 2020-03-28 19:23:28 -04:00
VVX7 2b3e89b614 chg: [object] add narrative description/summary 2020-03-28 19:17:25 -04:00
VVX7 0518dd1aa3 chg: [object] add narrative description/summary 2020-03-28 19:16:33 -04:00
VVX7 1198f8fe68 chg: [object] change narrative version 2020-03-27 15:46:31 -04:00
VVX7 e387009bdd new: [object] add narrative. 2020-03-27 15:10:22 -04:00
Raphaël Vinot b436f9f28b Merge branch 'master' of github.com:MISP/misp-objects 2020-03-24 13:24:40 +01:00
Raphaël Vinot 9eedb854de chg: Bump CSSE COVID-19 Daily report to new version 2020-03-24 13:24:31 +01:00
chrisr3d fdfe7d2e4c
add: External references attribute for attack-pattern object 2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy 7ef9a2ba56
Merge pull request #240 from cudeso/master
Objects for data coming from the Cytomic Orion API
2020-03-10 09:40:50 +01:00
Koen Van Impe 2c58470654 JQ-all-the-things 2020-03-09 23:29:29 +01:00
Koen Van Impe ecac7ea52a Update object definition with first-|last- seen 2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project) 2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy 65a51a586f
chg: [http-request] fixed 2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy 401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request
Adding optional ip-src to http-request
2020-03-09 16:25:14 +01:00
Koen Van Impe bffae90c3d Remove -x from JSON files 2020-03-07 09:28:43 +01:00
Koen Van Impe bbac01aa1b Fix with jq_all_the_things 2020-03-07 09:24:51 +01:00
Koen Van Impe 8bb88fceaf Objects for data coming from the Cytomic Orion API 2020-03-07 09:03:01 +01:00
frpet 5fdec81530 Update definition.json
bump version
2020-03-06 14:08:20 +01:00
cbboggs fa6fe463a9
Adding optional ip-src to http-request
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
2020-03-05 12:24:14 -06:00
frpet 2c6c44ccf8 Use more explicit misp-attribute types
Use the appropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy 3d57ee4fd2
chg: [network-socket] add filename to object template
Reported-by: Belgian Defence - Tancred
2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy 1e5bb552f8
chg: [microblog] add Twitter-id reference 2020-03-04 14:08:10 +01:00
Raphaël Vinot b29a360c02 new: Add covid19 dxy live object 2020-03-02 00:12:24 +01:00
Raphaël Vinot 89db1fc34e Merge branch 'master' of github.com:MISP/misp-objects 2020-02-29 01:17:04 +01:00
Raphaël Vinot eabd0c1e55 new: CSSE COVID-19 Dataset - Daily report
Source:
  https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
2020-02-29 01:16:28 +01:00
Raphaël Vinot 416820edc0 new: [crypto-material] add generic-symmetric-key 2020-02-27 15:41:45 +01:00
Raphaël Vinot ef0c95bc9b Merge branch 'master' of github.com:MISP/misp-objects 2020-02-27 10:50:58 +01:00
Raphaël Vinot 6f5cd0d9d3 chg: [IntelMQ Event] replace non-ascii double quote by single quote 2020-02-27 10:50:47 +01:00
Raphaël Vinot 2f2315d4e2 fix: Typo in requiredOneOf 2020-02-26 14:52:06 +01:00
Raphaël Vinot d9226e0f5a fix: Typo in requiredOneOf 2020-02-26 14:49:59 +01:00
Alexandre Dulaunoy d110657604
chg: [vulnerability] remove underscore from the object 2020-02-25 10:53:17 +01:00
Alexandre Dulaunoy 8de8d85979
chg: [iot-device] reference added 2020-02-17 23:12:09 +01:00
Alexandre Dulaunoy 6ed76f4948
add: [iot-firmware] new object template to describe IoT firmware
The relationship will be often between iot-device and iot-firmware.

Ref: https://github.com/C00kie-/workshop-materials
2020-02-17 15:07:49 +01:00
Alexandre Dulaunoy 8fa25f4f47
chg: [file] imphash removed as it should be at PE level 2020-02-17 14:29:30 +01:00
Alexandre Dulaunoy 36ae20bf02
chg: [pe] imphash and impfuzzy can be as key attribute 2020-02-17 14:27:05 +01:00
Alexandre Dulaunoy 1d2bfe97ce
Merge pull request #233 from Terrtia/master
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:51:35 +01:00
Terrtia 566612302f
chg: [domain-crawled] domain shouldn't be a multiple 2020-02-17 10:00:21 +01:00
Alexandre Dulaunoy 83073d8c65
chg: [iot] add SPI, Serial and JTAG status 2020-02-17 08:55:47 +01:00
Alexandre Dulaunoy cf30efabc6
chg: [iot] because reusing UUID is bad 2020-02-17 08:33:51 +01:00
Alexandre Dulaunoy 1d0065e852
new: [iot] a first version of the IoT object
Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials

The idea is to have this root object when a new IoT device is documented
and further objects will be connected such as firmware or even file object
2020-02-17 07:46:58 +01:00
Alexandre Dulaunoy 48bb38d67a
Merge pull request #232 from Terrtia/master
domain-crawled object
2020-02-16 21:04:16 +01:00
Terrtia 42df9d2e2f
chg: [crawled domain] rename object 2020-02-14 17:11:42 +01:00
Terrtia 5c46a3aad4
chg: add domain crawled object 2020-02-14 17:08:37 +01:00
Deborah Servili fdc24a8df8
update version 2020-02-13 12:30:08 +01:00
Deborah Servili 6380007b10
allow several subjects or sender for email objects 2020-02-13 12:28:47 +01:00
ater49 2738648e81 Adding some parts from HAR format description (http://www.softwareishard.com/blog/har-12-spec/) (More to come) 2020-02-10 14:59:35 +01:00
VVX7 1a40095f1a new: [objects] add instant-message object. add instant-message-group object. 2020-02-09 11:39:36 -05:00
Alexandre Dulaunoy 3ba77c9d2c
chg: [sms] the SMS center is a phone number 2020-02-06 12:06:26 +01:00
Alexandre Dulaunoy 371788589c
chg: [rtir] disable correlation on incident state 2020-02-06 11:55:27 +01:00
Alexandre Dulaunoy c32c7f4155
chg: [sms] missing Cellebrite fields added 2020-02-06 11:36:13 +01:00
Alexandre Dulaunoy 013c2c9c22
Merge branch 'master' of github.com:MISP/misp-objects 2020-02-06 11:04:53 +01:00
Alexandre Dulaunoy 3f9aca8e27
chg: [email] ip-src added in the email object template as requested by Norberto Chavez
Ref: https://twitter.com/NORBERTOCHAVEZ/status/1225213457429127170
2020-02-06 11:03:33 +01:00
Raphaël Vinot 0c3aa14165 fix: attachment object relation does not exist. 2020-02-06 10:57:44 +01:00
Alexandre Dulaunoy 78fe4325b7
chg: [vehicule] image + type of vehicle added 2020-02-05 15:15:23 +01:00
Alexandre Dulaunoy ab6d7c3885
chg: [organization] typo fixed + description added 2020-02-05 15:06:37 +01:00
Alexandre Dulaunoy ccc0f4dd1f
chg: [phone] add brand and model 2020-02-05 15:04:10 +01:00
Andras Iklody 195fc46a13
fix: added iban as an alternative to bank account for the requirements
- fixes https://github.com/MISP/MISP/issues/5358
2020-02-04 11:46:24 +01:00
Alexandre Dulaunoy 5897fa7c37
Merge pull request #227 from Terrtia/master
chg: [new object pgp-meta]
2020-02-03 18:47:37 +01:00
Terrtia ae11730a82
fix: [new object pgp-meta] remove first seen/last seen + fix description 2020-02-03 16:45:28 +01:00
Terrtia b036b52e36
chg: [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature 2020-02-03 16:03:34 +01:00
VVX7 bde68265e3 chg: [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media. 2020-02-02 20:08:44 -05:00
VVX7 bc052e17f4 chg: [object field] add profile picture to user-account 2020-01-31 18:27:42 -05:00
VVX7 ed8e72bdb4 chg: [object field] enable multiple URL/link in microblog 2020-01-31 17:11:29 -05:00
VVX7 3bb42c766f chg: [object field] add title to microblog 2020-01-31 17:01:57 -05:00
VVX7 e4d217172e chg: [object field] add link for user-account page 2020-01-30 21:51:56 -05:00
VVX7 329d92162c chg: [object fields] add forged-document types, add microblog state 2020-01-30 21:31:06 -05:00
VVX7 4c4a3aabe5 new: [objects] news-agency, news-media 2020-01-30 19:57:39 -05:00
VVX7 8fa0166b24 chg: [microblog] allow multiple attachments per the enhancement request 2020-01-30 16:41:40 -05:00
VVX7 804e2116ce chg: [microblog] add attachment field for issue #186 2020-01-30 16:36:56 -05:00
VVX7 ce20ea05fe chg: [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description 2020-01-30 14:08:19 -05:00
VVX7 0b5c9bde29 chg: [blog] add title field to object 2020-01-29 21:55:26 -05:00
VVX7 acf22d496c chg: [meme-image] uuid and name duplicate 2020-01-28 22:08:45 -05:00
VVX7 79026cb1d6 Merge remote-tracking branch 'upstream/master' 2020-01-28 21:49:12 -05:00
VVX7 84909f1ff2 new: [objects] blog, forged-document, leaked-document, meme-image 2020-01-28 21:24:04 -05:00
Raphaël Vinot fb878a6901 fix: Wrong name in requiredOneOf 2020-01-28 10:47:18 +01:00
Alexandre Dulaunoy cdc463ef1a
chg: [domain-ip] port added (required by AIL crawling) 2020-01-24 15:46:06 +01:00
Raphaël Vinot e6659c7c7e new: TruStar report object 2020-01-24 12:58:28 +01:00
Alexandre Dulaunoy 1a3d6392f3
Merge pull request #219 from N1col4s5742/master
Add vehicle state
2020-01-24 11:23:28 +01:00
Nicolas e8583c5e13 change definition.json for vehicle and geolocation with verification sponge 2020-01-24 10:40:50 +01:00
Nicolas 6fd7dfc896 change definition.json for vehicle and geolocation 2020-01-24 10:30:22 +01:00
Nicolas 6cc3f4a51c change definition.json for vehicle 2020-01-24 10:25:32 +01:00
Raphaël Vinot fa63480391 fix: to_ids must be a bool 2020-01-16 13:46:53 +01:00
Andras Iklody 92ebb542c2
fix: [microblog] to_ids changes 2020-01-16 10:44:51 +01:00
Steve Clement 003391bab1
Merge remote-tracking branch 'upstream/master' into process 2020-01-14 09:47:45 +09:00
StefanKelm 1e096535ef
Update definition.json
Add compilation timestamp (similar to pe object)
2020-01-10 15:00:19 +01:00
Alexandre Dulaunoy ce80fb6384
chg: [microblog] disable correlation for the verified-username state 2019-12-27 11:27:53 +01:00
Alexandre Dulaunoy faf2b07599
chg: [annotation] 'full report' type added 2019-12-26 18:29:57 +01:00
N1col4s5742 c611736e35
Vehicle state 2019-12-20 14:20:08 +01:00
N1col4s5742 59027ddc6a
Bump version 2019-12-20 14:18:10 +01:00
N1col4s5742 5f1e6c5fec
Add vehicle state 2019-12-20 14:14:49 +01:00
Alexandre Dulaunoy bce1018325
Merge branch 'master' of github.com:MISP/misp-objects 2019-12-17 14:59:50 +01:00
Alexandre Dulaunoy e832f5ce64
chg: [organization] VAT - TAX-ID added in the template 2019-12-17 14:59:00 +01:00
Deborah Servili 33a7d6b574
Merge pull request #217 from Delta-Sierra/master
add imphash in file object
2019-12-10 12:26:08 +01:00
Deborah Servili c0877cfd7c
add imphash in file object 2019-12-10 12:19:29 +01:00
Alexandre Dulaunoy ab484998ff
chg: [microblog] add the ability to have non-malicious links
Fix #215
2019-12-06 14:59:12 +01:00
Jean-Louis Huynen 0fd9ff6670
chg: [dark-pattern] typos 2019-12-04 16:17:45 +01:00
Alexandre Dulaunoy 4185e2b8e2
chg: [script] attachment field added 2019-12-04 13:41:08 +01:00
Jean-Louis Huynen b69657b7b1
add: [dark-pattern] new object to share dark-patterns 2019-12-03 16:23:54 +01:00
Alexandre Dulaunoy 5e9aeadc7a
Merge branch 'master' of github.com:MISP/misp-objects 2019-12-03 08:07:50 +01:00
Alexandre Dulaunoy 34ac927065
new: [virustotal-graph] VirusTotal graph object added
Based on the discussion with VT, virustotal-graph object has been added which will
be used with the expansion modules and also to trigger the specific
quick-tab in MISP to display the VT graph result in an iframe if this
object is present.
2019-12-03 07:39:28 +01:00
m4tze 33a75fe4f2
updated "version" to 4 2019-11-29 09:09:30 +01:00
m4tze cd08dc32a0
added "type" to "requiredOneOf" 2019-11-29 08:56:55 +01:00
Raphaël Vinot 68d61d25d9 fix: Type asn -> AS 2019-11-25 16:23:42 +01:00
Raphaël Vinot 2ce8794528 fix: ui-priority is required in the object template 2019-11-25 16:21:19 +01:00
Raphaël Vinot 185fae4a61 fix: Make jq happy 2019-11-25 14:48:51 +01:00
Raphaël Vinot 2fe41c1c46 new: IntelMQ objects 2019-11-25 14:43:28 +01:00
Raphaël Vinot 3d7b09e9c4 chg: Update crypto-material and url 2019-11-18 18:03:01 +01:00
Alexandre Dulaunoy 4b76b30061
chg: [microblog] verified field added to add the state of the username 2019-11-16 21:13:10 +01:00
Deborah Servili bdad48d587
switch requiredOneOf list to required since it contains only one element 2019-11-08 15:35:14 +01:00
Jean-Louis Huynen 7b2e5061bb chg: [x509, crypto-material] several changes:
- enables correlation on n, p, q;
- allows for only providing modulus for crypto material;
- specifies the expected data format of several fields.
2019-10-31 10:09:40 +01:00
Alexandre Dulaunoy 58d6722f5e
chg: [crypto-material] new object to describe key materials (public and private) 2019-10-17 15:41:01 +02:00
Alexandre Dulaunoy 0859a97535
chg: [x509] to map with D4 project snakeoil database 2019-10-17 14:48:21 +02:00
Alexandre Dulaunoy edf8b59af7
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
As mentioned in #84
2019-10-05 10:05:26 +02:00
Raphaël Vinot 2cd5329b00 fix: duplicate in coin-address 2019-10-01 13:21:28 -07:00
Alexandre Dulaunoy 49e6c989d5
chg: [coin-address] DASH cryptocurrency address added 2019-10-01 20:17:44 +02:00
Alexandre Dulaunoy ffc120106c
Update definition.json
Following discussion during MISP training - new language seen in a malware campaign.
2019-09-25 12:15:04 +02:00
Deborah Servili 6622083a2b
rename object misc to organization + update version 2019-09-23 12:57:09 +02:00
Deborah Servili d116b7e4b2
Update version of paste object 2019-09-23 09:54:41 +02:00
Alexandre Dulaunoy 4ab14e785a
chg: [translation] double entry fixed in requiredOneOf
Signed-off by:  By de leaduh of JavaScript and decayin' indicatawhs
2019-09-20 09:05:49 +02:00
Alexandre Dulaunoy 52e8f9e98b
chg: [translation] list of sane default for the languages + type of translation 2019-09-20 07:30:30 +02:00
Deborah Servili 4081dc8f8f
jq 2019-09-19 16:26:41 +02:00
Deborah Servili 2721d103e5
add translation object 2019-09-19 16:14:48 +02:00
Deborah Servili a210cb0490
add hashtag attribute in microblog object 2019-09-19 13:33:45 +02:00
Deborah Servili 85f9aee365 Merge https://github.com/MISP/misp-objects 2019-09-17 15:00:51 +02:00
Deborah Servili ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link for link into the microblog post 2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy a7157678af
Merge pull request #204 from saadkadhi/patch-1
Better wording
2019-09-12 11:12:36 +02:00
Saad Kadhi 0f76563ffc
Better wording 2019-09-11 22:02:48 +02:00
Saad Kadhi a98631d533
Better wording 2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy 0910f0b15f
chg: [credential] adding disable correlation when required 2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy 951abf10fe
chg: [new object templates] various updates 2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master 2019-09-11 08:52:20 +02:00
Deborah Servili b9d16a38ad
draft command object 2019-09-10 16:15:40 +02:00
Deborah Servili 0d40f64815
add impersonation object 2019-09-09 16:36:16 +02:00