Commit Graph

290 Commits (a3f8b1a0ba287647de2acc5e83df96f7cdb5ebe6)

Author SHA1 Message Date
c-goes bb0788e267 added coin-address object 2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy b4cae64392
Never trust standards using Google docs to store list of machine parsable information.
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy c3f88d6901
State of the file is no more correlated - and default state value is Malicious. 2017-12-04 11:01:56 +01:00
c-goes 3fc7ce2f7d victim object: changed attributes, added object relations(2) 2017-12-04 10:49:44 +01:00
c-goes 7fadc89ed8 victim object: changed attributes, added object relations 2017-12-04 10:48:01 +01:00
Alexandre Dulaunoy 82f440931c
Disable correlation on classification on the victim object 2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy a258d79fef
Typo fixed 2017-12-03 11:42:56 +01:00
Alexandre Dulaunoy e11e95415a
add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE) 2017-12-03 11:36:22 +01:00
Alexandre Dulaunoy 04d38118d1
registar->registrar 2017-12-02 23:08:56 +01:00
Alexandre Dulaunoy 465251bf43
fix: update android permissions based on Google latest list 2017-11-28 15:59:01 +01:00
Alexandre Dulaunoy 2baad824b0
add: first version of an android permission(s) object 2017-11-28 15:24:47 +01:00
Deborah Servili 0051ad8167 ddos v5 - add destination domain attribute 2017-11-23 14:43:04 +01:00
c-goes 39319e1cd6 allow multiple filenames 2017-11-23 09:57:49 +01:00
Alexandre Dulaunoy 59edaa978f
raw data is now an attachment 2017-11-22 20:52:26 +01:00
Alexandre Dulaunoy b915869ab2
being lax on origin to avoid rebuilding url path for unknown services 2017-11-22 17:08:56 +01:00
Alexandre Dulaunoy 51e873760e
AIL leak template updated to include duplicate of leaks 2017-11-22 16:38:25 +01:00
Alexandre Dulaunoy dd4e2d1977
fix: MISP type are case-sensitive - fixing AS number type 2017-11-19 10:22:32 +01:00
Alexandre Dulaunoy b046eb4ba7
fix: AIL leak object to include raw-data 2017-11-15 07:32:49 +01:00
Alexandre Dulaunoy 1fd5d4f6a7
fix: subnets announced is an ip-src type 2017-11-14 15:02:49 +01:00
Alexandre Dulaunoy 666c7a6916
added: Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.

Fix #50
2017-11-13 20:36:16 +01:00
Raphaël Vinot f9b2bdf22c chg: Fix logic in URL
Fix #21
2017-11-10 15:05:22 -08:00
Raphaël Vinot 805ed85bbe chg: Disable some correlations by default in URL
Fix #47
2017-11-10 15:02:37 -08:00
Raphaël Vinot dade532c1f Merge branch 'master' of github.com:MISP/misp-objects 2017-11-10 13:29:03 -08:00
Raphaël Vinot b4b3e685ea fix: requiredOneOf list of r2graphity was wrong
Fix #20
2017-11-10 13:28:05 -08:00
c-goes 8e47b33787 Added file attribute screenshot to email object 2017-11-09 16:07:54 +01:00
Andras Iklody 6b43b68651
Merge pull request #48 from Delta-Sierra/master
allow multiple ips in domain|ip object
2017-11-07 10:08:24 +01:00
Deborah Servili 51f79bceba allow multiple ips in domain|ip object 2017-11-07 09:34:26 +01:00
Alexandre Dulaunoy f46343b2e2
Merge pull request #46 from Delta-Sierra/master
update ail-leak object
2017-11-06 16:20:25 +01:00
Deborah Servili d171c73660 update ail-leak object 2017-11-06 14:53:58 +01:00
Alexandre Dulaunoy 2a2b48a162
fix: origin of credential as sane_default 2017-11-02 21:37:53 +01:00
Alexandre Dulaunoy dab3ad881a
add: credential object (fix #44) 2017-11-02 20:41:02 +01:00
Raphaël Vinot 28dfbb50f7 Remove the executable flag from the json files 2017-10-25 12:16:17 -04:00
truckydev fe594f98ba regex addon
Add field to specify which type correspond to this regex.
2017-10-25 10:39:39 +02:00
Raphaël Vinot 3569c70407 Add report object 2017-10-24 13:04:41 -04:00
Thomas Gardner 6e36c162a4 fixed av-signature merge conflicts with upstream 2017-10-24 10:26:24 -04:00
Thomas Gardner 1c4933c1ce disabled AV software correlation and re-ran jq-all-the-things 2017-10-24 10:23:46 -04:00
Alexandre Dulaunoy 9410aa99a5
Fix the file object 2017-10-23 20:35:07 +02:00
Alexandre Dulaunoy 0f3261077b
State added to file like signed, harmless... 2017-10-23 20:28:30 +02:00
Raphaël Vinot b801bc6603 jq all the things 2017-10-23 11:51:05 -04:00
Thomas Gardner f9204db304 added av-signature and virustotal-report 2017-10-23 10:43:12 -04:00
Alexandre Dulaunoy a5d2f71fef Merge pull request #34 from MISP/fix-31-2
Fix object name
2017-10-16 15:41:33 +02:00
Raphaël Vinot 9078fa0e73 Fix object name
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:41:22 +02:00
Raphaël Vinot 60a375f85d Fix object name.
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:40:20 +02:00
Alexandre Dulaunoy 0ab002e94c
Fix typo in the field 2017-10-13 15:08:25 +02:00
Alexandre Dulaunoy 9b55a361ec
Some updates including description of fields 2017-10-13 15:02:04 +02:00
Alexandre Dulaunoy 94b9bc9aee
First version of Netflow object based on proposal from @JanKoDFNCERT
Open questions:

  - What is a minimal Netflow record? I relax a bit the required fields.
  - How does this work with IPFIX (and variable templates)?
  - How should we express the TCP flags? (S/SA/SAF)
2017-10-13 14:30:10 +02:00
Alexandre Dulaunoy 2b9ba3ac00
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) 2017-10-12 22:08:09 +02:00
Alexandre Dulaunoy deda8abfb1
use url attribute type for link inside a post 2017-10-06 08:22:41 +02:00
Alexandre Dulaunoy c4bc232be2
Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4 2017-10-06 08:22:00 +02:00
ater49 a13726c138 Update definition.json
Link attribute added in case of url present into the post.

Multiple set to true for "username-quoted"
2017-10-04 13:31:25 +02:00
ater49 71860b21e9 New attributes: title
In case of paste or post has a title.

Ghostbin.com origin added
2017-10-04 13:24:29 +02:00
Alexandre Dulaunoy bc7c84ca5a
add: Paste or similar post from a website allowing to share privately or publicly posts. 2017-09-29 14:59:39 +02:00
Alexandre Dulaunoy f10f361df0
jq all and fix the space ;-) 2017-09-28 22:07:15 +02:00
ater49 4c69154ad3 Attributes username-quoted added
Added Attributes: "username-quoted"
Added types: LinkedIn, Reddit, Google+, Instagram
2017-09-28 21:36:27 +02:00
Alexandre Dulaunoy 5a80d5c4d2
add: Microblog post object like a Twitter tweet or a post on a Facebook wall. 2017-09-28 19:32:31 +02:00
Alexandre Dulaunoy 5b66865268
Carbon copy field added 2017-09-27 16:43:21 +02:00
Alexandre Dulaunoy 140b55254a
return-path added in email object 2017-09-25 20:37:02 +02:00
Alexandre Dulaunoy 9d14620739
Victim object added mainly based on the STIX 2.0 victim proposal 2017-09-24 21:21:33 +02:00
Alexandre Dulaunoy 3ecace4d12
First version of the ja3 object based on the proposal from @delbs 2017-09-24 20:10:59 +02:00
Alexandre Dulaunoy a5c0c4e192
Fixing typo in the credit-card object 2017-09-21 15:35:05 +02:00
Alexandre Dulaunoy d22ced3b82
whois template fixed 2017-09-18 09:01:57 +02:00
Alexandre Dulaunoy 3e00c3129c
Fix #22 2017-09-18 08:11:25 +02:00
iglocska 10b21c6aac fix: Fixed typo 2017-09-17 12:46:51 +02:00
iglocska 8662818177 fix: Updated the required_value field with the new name: values_list 2017-09-17 12:43:09 +02:00
iglocska 8643f0dc47 fix: Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481 2017-09-17 12:31:50 +02:00
Alexandre Dulaunoy 777ef97aeb
An object describing a regular expression (regex or regexp).
The object can be linked via a relationship to other attributes
or objects to describe how it can be represented as a regular expression.
2017-09-15 21:02:11 +02:00
Alexandre Dulaunoy d781a0eb05
add: first version of a person object (partially based on the PNR types) 2017-09-14 07:49:50 +02:00
Alexandre Dulaunoy bc27dc6d42
add: first version of the credit-card object 2017-09-13 21:18:16 +02:00
Alexandre Dulaunoy 0e409294c0
fix: port is used instead of text type 2017-09-13 17:26:59 +02:00
Alexandre Dulaunoy 579e851f5e
port type instead of text 2017-09-13 16:42:15 +02:00
Raphaël Vinot 96db4ae070 Disable some correlations 2017-09-11 16:08:03 +02:00
Alexandre Dulaunoy 50fe0c2993 Updated following Andras feedback 2017-09-06 16:13:35 +02:00
Alexandre Dulaunoy 8814be9527 yabin updated following Andras feedback 2017-09-06 16:13:02 +02:00
Alexandre Dulaunoy 317fd559d6 first version of a yabin object 2017-09-06 16:04:37 +02:00
Alexandre Dulaunoy 60f6c15655
Typo fixed 2017-08-29 22:02:10 +02:00
Raphaël Vinot 0445ebd350 Add descriptions in all the objects 2017-08-29 18:36:46 +02:00
Raphaël Vinot 9a3974f383 Update definitions of binaries 2017-08-29 13:25:58 +02:00
Raphaël Vinot d34dd5fb60 Allow multiple entries of type flag in the ELFSection object 2017-08-27 17:49:53 +02:00
Alexandre Dulaunoy 66e7397397
phone definition fixed 2017-08-27 08:30:58 +02:00
Alexandre Dulaunoy 41f3792b49
first version of a mobile phone object 2017-08-27 08:16:58 +02:00
Raphaël Vinot 7c3aaa30c2 Update ELF definitions, add MachO. 2017-08-25 15:52:32 +02:00
Raphaël Vinot 49cd96aa2b Add mimetype to file object template 2017-08-23 11:01:48 +02:00
Alexandre Dulaunoy 2fd589e151
version updated 2017-08-08 20:39:36 +02:00
truckydev ea7bdb5bd7 add X509-fingerprint
https://github.com/MISP/MISP/pull/2357
2017-08-08 15:11:47 +02:00
Thomas Gardner 8558bef481 added http-request object 2017-08-03 16:11:33 -06:00
Alexandre Dulaunoy 10ca2819a1
Fix: tld type not existing in MISP 2017-08-03 18:27:34 +02:00
Alexandre Dulaunoy 113eb9e5a0
A cookie object has been added.
An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
2017-08-03 12:15:26 +02:00
Alexandre Dulaunoy 08e5ebe995
Typo fixed in key-size - Thanks to @StefanKelm 2017-08-03 12:00:00 +02:00
Raphaël Vinot ca24684e2f Update required entries for PE objects 2017-07-21 11:33:38 +02:00
Alexandre Dulaunoy 6e88746a67 Improved Tor node object to include support of the new Tor monitoring 2017-07-06 14:57:32 +02:00
Alexandre Dulaunoy afaf0d0e19 add a comment field 2017-07-05 07:41:07 +02:00
Alexandre Dulaunoy 30976be591 Tor node object template which are part of the Tor network at a time. 2017-07-05 07:33:35 +02:00
Alexandre Dulaunoy 9a1c5511f4 ui-priority 2017-07-03 16:55:14 +02:00
Alexandre Dulaunoy e8c74fbccc ui-priority 2017-07-03 16:50:13 +02:00
Alexandre Dulaunoy ea8885f317 ui-priority 2017-07-03 16:50:00 +02:00
Alexandre Dulaunoy 17e57b4a59 ui-priority 2017-07-03 16:49:43 +02:00
Alexandre Dulaunoy cb4af3ffce ui-priority 2017-07-03 16:45:54 +02:00
Alexandre Dulaunoy d2568c922e ui-priority 2017-07-03 16:45:41 +02:00
Alexandre Dulaunoy 611c0b8f55 ui-priority 2017-07-03 16:45:25 +02:00
Alexandre Dulaunoy 60ebdfc3e7 ui-priority 2017-07-03 16:44:39 +02:00
Alexandre Dulaunoy a0a922ee61 ui-priority 2017-07-03 16:44:11 +02:00
Alexandre Dulaunoy c59ed7394a ui-priority 2017-07-03 16:43:57 +02:00
Alexandre Dulaunoy eab13ff63c ui-priority 2017-07-03 16:43:25 +02:00
Alexandre Dulaunoy 65ec7b18a7 ui-priority 2017-07-03 16:43:12 +02:00
Alexandre Dulaunoy 89858f8f72 ui-priority 2017-07-03 16:42:40 +02:00
Alexandre Dulaunoy 13c7d100d0 ui-priority 2017-07-03 16:42:26 +02:00
Alexandre Dulaunoy 5615f18767 ui-priority 2017-07-03 16:42:07 +02:00
Alexandre Dulaunoy 48b17a11ed ui-priority 2017-07-03 16:41:53 +02:00
Alexandre Dulaunoy c0a78b1b25 ui-priority 2017-07-03 16:41:16 +02:00
Alexandre Dulaunoy 7e2214f9e9 ui-priority 2017-07-03 16:40:42 +02:00
Alexandre Dulaunoy e9859c4746 ui-frequency updated 2017-07-03 12:27:16 +02:00
Alexandre Dulaunoy 4915d6688d ui-frequency is the one! 2017-07-03 12:26:40 +02:00
Alexandre Dulaunoy 17d4fab43e ui-priority is now the King! 2017-07-03 12:25:06 +02:00
Alexandre Dulaunoy fb18a4ec29 ui-priority is now the new frequency 2017-07-03 12:24:21 +02:00
Alexandre Dulaunoy ce9f50013c misp-usage-frequency updated 2017-07-03 12:19:04 +02:00
Alexandre Dulaunoy 1f0d512b7d misp-usage-frequency updated 2017-07-03 12:18:47 +02:00
Alexandre Dulaunoy 86f8ad974a misp-usage-frequency updated 2017-07-03 12:18:25 +02:00
Alexandre Dulaunoy 405a5451cc misp-usage-frequency updated 2017-07-03 12:17:46 +02:00
Alexandre Dulaunoy dc2b6524c1 misp-usage-frequency updated 2017-07-03 12:15:50 +02:00
Alexandre Dulaunoy edcf0d1a90 misp-usage-frequency updated 2017-07-03 12:14:48 +02:00
Alexandre Dulaunoy eff1b8ba39 misp-usage-frequency updated 2017-07-03 12:14:13 +02:00
Alexandre Dulaunoy 82bdbbbd4f misp-usage-frequency updated 2017-07-03 12:13:38 +02:00
Alexandre Dulaunoy 5f0755859e misp-usage-frequency updated 2017-07-03 12:11:54 +02:00
Alexandre Dulaunoy a8b1a0a512 misp-usage-frequency updated 2017-07-03 12:09:46 +02:00
Alexandre Dulaunoy 0949bd47ca misp-usage-frequency updated 2017-07-03 12:08:42 +02:00
Alexandre Dulaunoy a04174c1c1 misp-usage-frequency updated 2017-07-03 12:06:11 +02:00
Alexandre Dulaunoy b18eed04ae misp-usage-frequency 2017-07-03 12:04:56 +02:00
Alexandre Dulaunoy aed89b835d misp-usage-frequency -> ui-priority 2017-07-03 12:03:18 +02:00
Alexandre Dulaunoy 45230db220 Fix #14 2017-07-03 11:59:25 +02:00
Andras Iklody ef05cd5f06 Changed DDOS port attributes to port type 2017-07-03 06:33:53 +02:00
Raphaël Vinot 9186771eb7 Update versions 2017-06-28 11:57:36 +02:00
Raphaël Vinot 16af934386 Enforce meta-category 2017-06-28 11:21:24 +02:00
Alexandre Dulaunoy c3186cbcb2 Now meta category for ail to misc 2017-06-28 11:11:44 +02:00
Alexandre Dulaunoy 3e19326efa jq of geolocation object 2017-03-22 07:32:07 +01:00
Alexandre Dulaunoy ff8e9c0a36 geolocation - an object to describe a geographic location. 2017-03-22 07:30:42 +01:00
Alexandre Dulaunoy d413434463 jq of ail-leak 2017-03-22 06:55:15 +01:00
Alexandre Dulaunoy e6fbcf9d53 information leak object as defined by the AIL Analysis Information Leak framework. 2017-03-22 06:54:11 +01:00
Raphaël Vinot d7a1f85100 Update attributes of r2graphity object 2017-03-21 16:46:41 +01:00
Raphaël Vinot 2f74b709d4 Update r2graphity definition 2017-03-20 14:30:45 +01:00
Raphaël Vinot 29a66cd4d6 Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00
Raphaël Vinot c0d95f58b5 Remove duplicate entries in file object 2017-03-17 18:00:37 +01:00
Raphaël Vinot 2c5208aab2 Merge branch 'master' of github.com:MISP/misp-objects 2017-03-17 17:32:21 +01:00
Raphaël Vinot 2c2c11c9ca Add and enforce UUID in the object definitions 2017-03-17 17:31:09 +01:00
Alexandre Dulaunoy 6fb4acb9da jq all 2017-03-16 23:06:36 +01:00
Alexandre Dulaunoy 0da065163a Merge branch 'master' of github.com:MISP/misp-objects 2017-03-16 23:05:11 +01:00
Raphaël Vinot c0bd545347 Add malware-sample to file object 2017-03-16 18:18:51 +01:00
Sébastien Larinier 140fcbf251 correct travis 2017-03-15 11:30:54 +01:00
Sébastien Larinier 22f2bb8825 add impfuzzy 2017-03-15 11:19:08 +01:00
Alexandre Dulaunoy 37c1722d3e disable_correlation added 2017-03-15 07:42:14 +01:00
Raphaël Vinot 15488f0633 Update PE object 2017-03-14 15:57:05 +01:00