Alexandre Dulaunoy
454285fea5
chg: [ddos-config] as the config is mainly describing targets
...
to_ids and correlation don't make a lot of sense
2024-07-18 15:10:13 +02:00
Alexandre Dulaunoy
0833c40b05
fix: [ddos-config] `ui-priority` added
2024-07-18 12:16:39 +02:00
Alexandre Dulaunoy
2220f14ca4
new: [ddos-config] generic ddos configuration from ddos related binaries
2024-07-18 12:08:43 +02:00
Alexandre Dulaunoy
5c534d3701
chg: [ja4-plus] jq all the things
2024-06-26 18:15:04 +02:00
Alexandre Dulaunoy
f93466cb3c
chg: [ja4-plus] version fixed
2024-06-26 18:08:59 +02:00
Alexandre Dulaunoy
610d5abe34
chg: [ja4-plus] template name fixed
2024-06-26 18:08:14 +02:00
Alexandre Dulaunoy
467c9b43ed
new: [ja4-plus] new MISP object template to describe JA4+ fingerprints
...
fix: https://github.com/MISP/MISP/issues/9759
2024-06-26 18:04:30 +02:00
Alexandre Dulaunoy
5a54cf6505
chg: [phishing] add an IP field for phishing website hosted on IP address or where the IP is important for the analytics
2024-06-25 09:11:17 +02:00
Alexandre Dulaunoy
e3288ef6e5
fix: [ddos-claim] descriptions fixed following CERT-SE feedback
2024-06-18 09:52:57 +02:00
Alexandre Dulaunoy
1af532033b
fix: [ddos-claim] clarify the validity based on CERT-EU feedback
2024-06-14 08:09:20 +02:00
Alexandre Dulaunoy
386530d73a
new: [ddos-claim] new object added describing DDoS claim (a discussed st
...
FIRST2024
2024-06-14 07:42:28 +02:00
samitainio
23faffab2e
chg: remove categories and object_relation definitions from phone-number
2024-06-09 22:39:41 +03:00
samitainio
0b971906ad
Add: phone-number object
2024-06-09 22:30:04 +03:00
Alexandre Dulaunoy
ffd9120eb1
fix: [research-scanner] version updated
2024-05-27 10:22:53 +02:00
Martin Waleczek
97eb9b974d
add 'hostname' for scanning host to object 'research-scanner'
2024-05-24 10:20:40 +02:00
Alexandre Dulaunoy
a193e03ad2
chg: [cs-beacon-config] encoded-data as file attachment instead of text
...
As encoded-data might be large and not really useful to be displayed in
the UI of MISP, we moved it to an `attachment` attribute type.
We keep the `attachment` as Base64 to avoid any risk of people
downloading or executing a potentially malicious file. So it MUST be
encoded in Base64 as it was before.
2024-05-07 09:36:13 +02:00
Alexandre Dulaunoy
e65878874e
chg: [organization] add a MISP UUID if present
2024-05-03 22:04:04 +02:00
iglocska
73d94b8e2d
fix: [jq] all the things
2024-05-02 13:23:48 +02:00
Andras Iklody
da5a569784
organization object
...
- Added "private" to the list of sectors as suggested by Monsieur Hamm.
2024-05-02 13:18:19 +02:00
Alexandre Dulaunoy
c83372377e
chg: [registry-key] jq all the things
2024-04-25 11:20:46 +02:00
Christophe Vandeplas
28328aa53d
chg: [registry-key] added Artifacts dropped as potential category
2024-04-25 11:18:26 +02:00
Alexandre Dulaunoy
2061c353fe
fix: [ransomware-group-post] added the missing descriptions for `actor-geo-stats-30d` and `actor-total-stats-30d`
2024-04-24 16:47:47 +02:00
Alexandre Dulaunoy
42b48439da
chg: [ransomware-group-post] severity field sane default added
2024-04-24 16:42:39 +02:00
Alexandre Dulaunoy
9f98d15a6f
fix: [cs-beacong-config] typo fixed
2024-04-24 16:29:33 +02:00
Alexandre Dulaunoy
f3724ad19b
fix: [cs-beacon-config] updated the NAICS description
2024-04-24 16:23:53 +02:00
Alexandre Dulaunoy
7f95d3290a
chg: [cs-beacon-config] major update following shadowserver.org requirements
...
- Fixed some matching type instead of text (like size-in-bytes or integer)
- Added many fields and replace name with `_` to `-`
- Added some basic description
2024-04-24 16:19:47 +02:00
Alexandre Dulaunoy
3d78e17c4b
chg: [ransomware-group-post] updated with shadowserver object template
...
format
- underscores replaced with hyphen
- descriptions added
- decorrelation added for some fields
2024-04-24 15:19:02 +02:00
Alexandre Dulaunoy
16b354c04c
chg: [instant-message] remove newlines
2024-04-24 14:30:19 +02:00
menewol
93b43a3191
Added Mattermost
2024-04-24 14:11:50 +02:00
David Cruciani
b10d4680bc
Merge branch 'MISP:main' into main
2024-04-18 14:40:59 +02:00
David Cruciani
051605763e
chg: [flowintel-cm] notes
2024-04-18 14:40:16 +02:00
Christophe Vandeplas
b37c347792
Merge pull request #424 from cvandeplas/main
...
new: Generalizing Persuasion (GP) Framework
2024-04-14 07:53:09 +02:00
Christophe Vandeplas
f267c28d1f
new: [gpf] Split actors_speaker and settings_competition into more
2024-04-14 07:26:53 +02:00
Christian Studer
e970e8d5a6
Merge branch 'main' of github.com:MISP/misp-objects
2024-04-13 12:25:17 +02:00
Christian Studer
2fe584ca6f
fix: Changed a few attribute types in different template
2024-04-13 12:24:58 +02:00
Alexandre Dulaunoy
223b7342d8
chg: [news-media] add governmental communication and also news agency
...
source (including alert type)
2024-04-12 10:22:53 +02:00
Christophe Vandeplas
8fe87ab6bc
new: [gpf] Added Generalizing Persuasion Framework
2024-04-12 08:09:52 +02:00
Christian Studer
b2de8dd7c7
chg: [network-traffic] Going for the `protocol` attribute in singular
2024-04-11 12:04:55 +02:00
Christian Studer
712ab7f10a
fix: [network-connection] Using the `size-in-bytes` attribute type for information expressed in bytes
2024-04-11 09:42:06 +02:00
Christian Studer
661c71e35e
add: [network-traffic] Generic Network Traffic object
...
- Following the STIX 2.1 spec
2024-04-10 11:13:16 +02:00
Alexandre Dulaunoy
dc52c10844
chg: [cert-pl-phishing] fixed
2024-04-04 16:53:46 +02:00
Alexandre Dulaunoy
ea48921444
chg: [cert-pl-phishing] fixed
2024-04-04 16:48:33 +02:00
Alexandre Dulaunoy
4c661b7747
new: [cert-pl-phishing] first draft of a template for the CERT.PL
...
phishing system
2024-04-04 16:45:33 +02:00
Christian Studer
5b95994bdd
fix: [pe] Removing the `disable_correlation` flag for a `size-in-bytes` attribute type
2024-04-03 17:33:30 +02:00
Christian Studer
980ab615ec
add: [pe-optional-header] New object template for PE optional headers
2024-04-03 17:32:47 +02:00
Christian Studer
f247f04548
Merge branch 'main' of github.com:MISP/misp-objects
2024-04-03 14:38:38 +02:00
Christian Studer
fba223520a
fix: [pe] Sizes in the PE format should be in bytes
2024-04-03 14:37:55 +02:00
Alexandre Dulaunoy
d905c08031
fix: [pe] typo fixed
2024-04-03 14:29:36 +02:00
Christian Studer
2afdb6104b
fix: [pe] `counter` makes more sense here
2024-04-03 14:08:17 +02:00
Christian Studer
e042ac127a
chg: [pe] Using the new `integer` attribute type
2024-04-03 13:31:32 +02:00
Christian Studer
eb1536f505
chg: [pe] Added `characteristics` & `machine-type` enumerations
...
- Characteristics are usually in a list, so we
have now both the list of characteristics with
their name, and the hex value of the addition
of all the characteristics numeric values
- We represent the machine type with its name
2024-04-03 11:19:16 +02:00
Christian Studer
ad952beb60
add: [pe] Added some PE fields as available with `lief` API
2024-04-02 21:21:38 +02:00
Alexandre Dulaunoy
b023d0a3de
chg: [ddos] object type alone authorized if the source/target cannot be
...
disclosed
2024-03-29 16:22:07 +01:00
Sebastien Larinier
d6af105b45
Add software impacted by exploit
2024-03-18 14:19:35 +00:00
Alexandre Dulaunoy
ab963cdb5b
chg: [command-line] added sane_default
2024-03-16 09:48:29 +01:00
Alexandre Dulaunoy
322e451c3c
Merge branch 'main' of https://github.com/sebdraven/misp-objects into sebdraven-main
2024-03-16 09:46:59 +01:00
goodlandsecurity
fac453a247
fixed parse error
2024-03-15 14:04:07 -05:00
goodlandsecurity
11bf472d8e
forgot multiple flag on two attributes
2024-03-15 13:52:09 -05:00
goodlandsecurity
c3f17d6060
adding stairwell object
2024-03-15 12:05:03 -05:00
Sebastien Larinier
acfef2f5e8
change type of ans name
2024-03-07 12:02:23 +00:00
Sebastien Larinier
53572fe294
fix typo of description
2024-03-07 10:12:21 +00:00
Sebastien Larinier
9c03f6ab9d
add software for cmd line and change type
2024-03-07 10:10:36 +00:00
Alexandre Dulaunoy
c72ec74070
fix: [cs-beacon-config] Partial info from CS beacon are possible
...
Fix #417 - Thanks to @sebdraven
2024-03-06 07:24:37 +01:00
Christos Arvanitis
a367c43eb9
Disable correlation for IntelMQ time fields
2024-03-05 11:22:17 +01:00
Alexandre Dulaunoy
173af552aa
chg: [person/organization] `impersonated` added to the role of person
...
and organization templates
Thanks to NRC Cyber Security for the idea.
2024-03-05 08:59:45 +01:00
Christian Studer
3ac509965f
add: [process] Environment variables attribute
2024-01-30 15:19:54 +01:00
Christian Studer
7c565093df
chg: [artifact] Changed the `payload_bin` attribute to attachment type
2024-01-19 23:15:41 +01:00
David Cruciani
401c34f6f3
chg: [flowintel-task] add case-uuid
2024-01-15 09:11:00 +01:00
David Cruciani
248e7a95dc
chg: [validation] jq all
2024-01-10 12:07:32 +01:00
David Cruciani
55917fe94c
chg: [version] v2
2024-01-10 11:52:10 +01:00
David Cruciani
b407a9d046
chg: [url] to_ids
2024-01-10 11:49:54 +01:00
David Cruciani
156fa7a07e
chg: [flowintel] typo + uuid+origin-url
2023-12-14 16:14:44 +01:00
David Cruciani
b657128758
new: [object] flowintel-cm
2023-12-14 15:58:46 +01:00
Alexandre Dulaunoy
587b298e1e
chg: [shadowserver-malware-url-report] resource path added to improve
...
correlation aspects
2023-12-08 15:18:32 +01:00
Alexandre Dulaunoy
fcd2cf2445
chg: [cs-beacon-config] updated to add details requested by ShadowServer
2023-12-07 10:54:40 +01:00
Alexandre Dulaunoy
7f77dbe685
chg: [shadowserver-malware-url-report] sane default added for severity
...
Ref: https://github.com/The-Shadowserver-Foundation/report_schema/blob/main/severity.md
2023-12-07 08:50:15 +01:00
Alexandre Dulaunoy
f02af50725
chg: [shadowserver-malware-url-report] sane_default added
2023-12-06 09:50:54 +01:00
Alexandre Dulaunoy
23e41b2262
chg: [shadowserver-malware-url-report] severity added
2023-12-06 09:46:08 +01:00
Alexandre Dulaunoy
047d442311
fix: [report] typo fixed
2023-12-06 09:32:13 +01:00
Alexandre Dulaunoy
08db16c162
chg: [report] `title` field added to the report object template
2023-12-06 09:05:16 +01:00
Alexandre Dulaunoy
c536f2f318
fix: [shadowserver-malware-url-report] `port` field added
2023-12-06 08:45:51 +01:00
Alexandre Dulaunoy
a240e70334
fix: [victim] object updated
2023-12-05 20:58:22 +01:00
Matthieu Faou
5a19c46498
Changed academic research to academia - university to align with the sector cluster
2023-12-05 12:25:32 -05:00
Matthieu Faou
d7007fe456
Added 5 sectors to the victim object
2023-12-05 11:50:38 -05:00
Alexandre Dulaunoy
c18a240153
new: [shadowserver-malware-url-report] first version
...
Transposition of the `malware_url` from Shadowserver
2023-11-22 09:20:56 +01:00
Matthijs van P
fd90274503
Merge branch 'MISP:main' into main
2023-11-21 14:03:33 +01:00
Alexandre Dulaunoy
d4b6596a9d
fix: [crowdstrike-report] jq all the things
2023-11-21 08:20:35 +01:00
akshayjain-1
516d5ac668
Update definition.json
...
Changed the file hash attribute type to sha256 from text
2023-11-20 13:54:12 -05:00
akshayjain-1
feeaa600b7
Create definition.json for Crowdstrike report
2023-11-20 12:09:18 -05:00
Matthijs van Polen
f90ff8c3c0
[attack-step] Fixed typo, added multiples.
2023-11-10 15:18:48 +01:00
Christian Studer
8fb566fc60
add: [intrusion-set] Added `first_seen` & `last_seen` attributes
2023-11-09 12:10:52 +01:00
Alexandre Dulaunoy
0e4c819354
Merge pull request #405 from bynt/main
...
new misp-object: c2-list
2023-11-07 21:19:55 +01:00
Christian Studer
d1653d9783
add: [user-account] Added email attribute
2023-10-31 15:49:44 +01:00
Alexandre Dulaunoy
5feb052732
chg: [cs-beacon-config] some updates
2023-10-13 16:29:01 +02:00
Alexandre Dulaunoy
3c2b62d3c3
chg: [cryptocurrency-transaction] fix the UUID
2023-09-28 10:18:32 +02:00
Alexandre Dulaunoy
40323d411e
new: [cryptocurrency-transaction] generic transaction object for any
...
cryptocurrency
2023-09-28 10:14:34 +02:00
Alexandre Dulaunoy
64e37f4bc8
chg: [coin-address] add a generic crypto address if the address format
...
is not known or supported
2023-09-28 10:06:02 +02:00
Martin Waleczek
652f0f7120
reorder elements
2023-09-19 17:05:06 +02:00
Martin Waleczek
aa3bbd44fa
add c2-ip to definition.json
2023-09-19 16:58:06 +02:00
Martin Waleczek
4e10e5501e
add definition.json for c2-list
2023-09-19 16:31:10 +02:00