Alexandre Dulaunoy
bce1018325
Merge branch 'master' of github.com:MISP/misp-objects
2019-12-17 14:59:50 +01:00
Alexandre Dulaunoy
e832f5ce64
chg: [organization] VAT - TAX-ID added in the template
2019-12-17 14:59:00 +01:00
Deborah Servili
33a7d6b574
Merge pull request #217 from Delta-Sierra/master
...
add imphash in file object
2019-12-10 12:26:08 +01:00
Deborah Servili
c0877cfd7c
add imphash in file object
2019-12-10 12:19:29 +01:00
Alexandre Dulaunoy
ab484998ff
chg: [microblog] add the ability to have non-malicious links
...
Fix #215
2019-12-06 14:59:12 +01:00
Jean-Louis Huynen
0fd9ff6670
chg: [dark-pattern] typos
2019-12-04 16:17:45 +01:00
Alexandre Dulaunoy
4185e2b8e2
chg: [script] attachment field added
2019-12-04 13:41:08 +01:00
Jean-Louis Huynen
b69657b7b1
add: [dark-pattern] new object to share dark-patterns
2019-12-03 16:23:54 +01:00
Alexandre Dulaunoy
5e9aeadc7a
Merge branch 'master' of github.com:MISP/misp-objects
2019-12-03 08:07:50 +01:00
Alexandre Dulaunoy
34ac927065
new: [virustotal-graph] VirusTotal graph object added
...
Based on the discussion with VT, virustotal-graph object has been added which will
be used with the expansion modules and also to trigger the specific
quick-tab in MISP to display the VT graph result in an iframe if this
object is present.
2019-12-03 07:39:28 +01:00
m4tze
33a75fe4f2
updated "version" to 4
2019-11-29 09:09:30 +01:00
m4tze
cd08dc32a0
added "type" to "requiredOneOf"
2019-11-29 08:56:55 +01:00
Raphaël Vinot
68d61d25d9
fix: Type asn -> AS
2019-11-25 16:23:42 +01:00
Raphaël Vinot
2ce8794528
fix: ui-priority is required in the object template
2019-11-25 16:21:19 +01:00
Raphaël Vinot
185fae4a61
fix: Make jq happy
2019-11-25 14:48:51 +01:00
Raphaël Vinot
2fe41c1c46
new: IntelQM objects
2019-11-25 14:43:28 +01:00
Raphaël Vinot
3d7b09e9c4
chg: Update crypto-material and url
2019-11-18 18:03:01 +01:00
Alexandre Dulaunoy
4b76b30061
chg: [microblog] verified field added to add the state of the username
2019-11-16 21:13:10 +01:00
Deborah Servili
bdad48d587
switch requiredOneOf list to required since it contains only one element
2019-11-08 15:35:14 +01:00
Jean-Louis Huynen
7b2e5061bb
chg: [x509, crypto-material] several changes:
...
- enables correlation on n, p, q;
- allows for only providing modulus for crypto material;
- specifies the expected data format of several fields.
2019-10-31 10:09:40 +01:00
Alexandre Dulaunoy
58d6722f5e
chg: [crypto-material] new object to described key materials (public and private)
2019-10-17 15:41:01 +02:00
Alexandre Dulaunoy
0859a97535
chg: [x509] to map with D4 project snakeoil database
2019-10-17 14:48:21 +02:00
Alexandre Dulaunoy
edf8b59af7
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
...
As mentioned in #84
2019-10-05 10:05:26 +02:00
Raphaël Vinot
2cd5329b00
fix: duplicate in coin-address
2019-10-01 13:21:28 -07:00
Alexandre Dulaunoy
49e6c989d5
chg: [coin-address] DASH cryptocurrency address added
2019-10-01 20:17:44 +02:00
Alexandre Dulaunoy
ffc120106c
Update definition.json
...
Following discussion during MISP training - new language seen in a malware campaign.
2019-09-25 12:15:04 +02:00
Deborah Servili
6622083a2b
rename object misc to organization + update version
2019-09-23 12:57:09 +02:00
Deborah Servili
d116b7e4b2
Update version of paste object
2019-09-23 09:54:41 +02:00
Alexandre Dulaunoy
4ab14e785a
chg: [translation] double entry fixed in requiredOneOf
...
Signed-off by: By de leaduh of JavaScript and decayin' indicatawhs
2019-09-20 09:05:49 +02:00
Alexandre Dulaunoy
52e8f9e98b
chg: [translation] list of sane default for the languages + type of translation
2019-09-20 07:30:30 +02:00
Deborah Servili
4081dc8f8f
jq
2019-09-19 16:26:41 +02:00
Deborah Servili
2721d103e5
add translation object
2019-09-19 16:14:48 +02:00
Deborah Servili
a210cb0490
add hashtag attribute in microblog object
2019-09-19 13:33:45 +02:00
Deborah Servili
85f9aee365
Merge https://github.com/MISP/misp-objects
2019-09-17 15:00:51 +02:00
Deborah Servili
ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link forlink into the microblog post
2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy
a7157678af
Merge pull request #204 from saadkadhi/patch-1
...
Better wording
2019-09-12 11:12:36 +02:00
Saad Kadhi
0f76563ffc
Better wording
2019-09-11 22:02:48 +02:00
Saad Kadhi
a98631d533
Better wording
2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy
0910f0b15f
chg: [credential] adding disable correlation when required
2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy
951abf10fe
chg: [new object templates] various updates
2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy
ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master
2019-09-11 08:52:20 +02:00
Deborah Servili
b9d16a38ad
draft command object
2019-09-10 16:15:40 +02:00
Deborah Servili
0d40f64815
add impersonation object
2019-09-09 16:36:16 +02:00
Christophe Vandeplas
a347aa78fe
fix: [virustotal] corrected typo in category
2019-08-08 14:01:09 +02:00
Christophe Vandeplas
7c3ee740fa
fix: [timesketch] fix incorrect attribute type
2019-08-08 12:11:13 +02:00
Pierre-Jean Grenier
006e792829
fix: [process] change undefined attributes
...
misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly
2019-08-06 10:39:43 +02:00
Pierre-Jean Grenier
fc182be371
Change undefined category to "External analysis"
2019-08-02 14:37:08 +02:00
chrisr3d
29febb2de0
fix: JQed all the things
2019-08-01 15:50:29 +02:00
chrisr3d
ad83a3a56f
new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE
...
- The attack-pattern object is using a new
attribute type called weakness to describe CWE
id, which will link to its own information as
described in https://cve.circl.lu
2019-08-01 14:34:30 +02:00
Raphaël Vinot
e5cd4c761a
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
Raphaël Vinot
5650664665
new: Objects for Scripps CO2
2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy
ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object
...
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy
fbeb34ccb7
Merge pull request #193 from kx499/master
...
Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy
17f1b75973
chg: [network-connection] community-id added
2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy
d504979f10
chg: [netflow] attribute community-id added in netflow object template
...
Ref: https://github.com/corelight/community-id-spec
Ref: 020e67c154
2019-07-13 10:02:15 +02:00
Alexandre Dulaunoy
919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects
2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy
ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field
...
As requested in https://github.com/MISP/MISP/issues/4858
2019-07-11 22:59:05 +02:00
Sascha Rommelfangen
fd15381cc2
disable correlation on the text field
2019-07-11 16:01:06 +02:00
Sascha Rommelfangen
e26a2b6d81
transaction number must be multiple (and text)
2019-07-11 15:51:07 +02:00
Sascha Rommelfangen
1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5
...
fixed issue with requirements
2019-07-11 15:24:50 +02:00
Sascha Rommelfangen
07987dc1dd
bumped version
2019-07-11 15:19:37 +02:00
Sascha Rommelfangen
aab46e38ea
bumped version
2019-07-11 15:18:55 +02:00
Sascha Rommelfangen
139c190c6a
fixed issue with requirements
2019-07-11 14:56:38 +02:00
Sascha Rommelfangen
78e6b95465
missing parts for balance corrected
2019-07-11 14:34:44 +02:00
Sascha Rommelfangen
873b5cc5a1
removed unneeded characters
2019-07-10 16:35:07 +02:00
Sascha Rommelfangen
2ad020bf15
Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540'
2019-07-10 15:34:35 +02:00
Sascha Rommelfangen
ad1300767f
add: btc wallet and transaction object templates
2019-07-10 15:15:16 +02:00
kx1499
c8f6c97da0
Merge remote-tracking branch 'upstream/master'
2019-07-09 22:13:31 -04:00
chrisr3d
0caf4a9edc
chg: Added user-id attribute as one of the required ones
2019-07-09 17:05:48 +02:00
chrisr3d
ddff56f52c
fix: TYPO
2019-07-08 11:38:11 +02:00
chrisr3d
b96e7ed8be
new: New object describing user accounts
2019-07-08 11:18:21 +02:00
chrisr3d
d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes
2019-07-05 16:11:31 +02:00
chrisr3d
bfb325b907
add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee
...
- Users can then choose between "ip" when they do
not know whever it is a source or destination IP
address, or "ip-src" & "ip-dst" to have more
clarity about the IP address
2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy
c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
...
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00
ater49
e2f12cebd6
Adding IIN and bank_name
2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy
41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns
...
Thanks to CERT.br for the contribution
2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy
e7bb12af7d
chg: [shell-commands] fix typo in object name
2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy
48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy
a1b2db8fd1
chg: [script] requiredOneOf for script or filename
...
Malicious scripts can be received without having a filename.
2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy
be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized
...
keys (and do correlation for fun-and-profit(tm))
2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy
d922d3eaa5
chg: [person] Gender unknown added
...
This has been added when investigation is ongoing and
alias is know but gender is unknown discovered during
Enforce training.
topic:enforce
2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy
e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious
...
or just OSINT.
2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy
230122493c
chg: [authenticode-signerinfo] first version
2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy
8f951e8450
chg: [jq] jq all the things(tm)
2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy
cce77727d6
chg: [x509] improve X.509 certificate description to match required ones
...
from LIEF (as discussed in #180 ).
2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy
79ab435903
Merge pull request #181 from ater49/master
...
Adding registration-date in domain-ip
2019-05-04 09:35:11 +02:00
ater49
a2bec8571b
Correcting "_" to "-" in fields name
2019-05-03 22:12:08 +02:00
ater49
424900b02d
Adding registration-date to domain-ip
2019-05-03 22:08:44 +02:00
Raphaël Vinot
f2e8195d50
new: Add offset, virtual_address and virtual_size to the pe section object
...
Related to https://github.com/MISP/PyMISP/issues/388
2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy
e76e492894
chg: [regripper] version updated
2019-05-01 21:32:14 +02:00
mday
71b4e71ab1
update the misp-attribute to specify a valid value instead of an empty string
2019-05-01 14:11:30 -05:00
mday
baae683771
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy
0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s)
2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy
1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels
2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy
b656cc532d
chg: [device] name of an object must be lowercase
2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy
3dcb1725ae
chg: [phishing-kit] small typo fixed in the description
2019-04-21 15:52:57 +02:00
Raphaël Vinot
a6ed6df86a
Merge branch 'master' of github.com:MISP/misp-objects
2019-04-18 11:15:56 +02:00
Raphaël Vinot
371ffe77fb
chg: Allow to create a file object with a non-malicious file.
...
Fix #175 #176
2019-04-18 11:14:22 +02:00
Andras Iklody
92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device
...
Haxpak/update device
2019-04-16 07:43:01 +02:00
Andras Iklody
ed271a3b7d
Merge pull request #173 from haxpak/master
...
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00