Raphaël Vinot
f579209884
fix: forgot to jq all the things.
2023-03-01 15:13:39 +01:00
Raphaël Vinot
38cfc975b5
fix: [ais] invalid ref name in requirements
2023-02-28 13:14:13 +01:00
Raphaël Vinot
ba80167846
chg: rename AIS -> ais to match the directory name.
2023-02-28 13:10:31 +01:00
Christian Studer
79bf12de68
add: [directory] New object template for directories
2023-02-27 10:56:31 +01:00
Christophe Vandeplas
0c7eb831d8
chg: [AIS] Addition of AIS maritime ship identification and tracking
2023-02-25 18:48:11 +08:00
Christian Studer
892b7ee70f
add: [file] Added creation, modification & access time attributes
2023-02-20 19:31:59 +01:00
Alexandre Dulaunoy
d60112ee66
new: [ransomware-group-post] First draft object for ransomlook.io
2023-02-17 10:33:59 +01:00
Alexandre Dulaunoy
13f173a3ce
fix: [victim] format fixed
2023-02-02 10:58:30 +01:00
Alexandre Dulaunoy
89010c466c
Merge pull request #383 from nyx0/main
...
[victim] add information and cultural industries sector
2023-02-02 10:57:08 +01:00
Alexandre Dulaunoy
cd27802aab
fix: [objects description] ref #384 - Grammar fixes included in the JSON files.
2023-02-02 10:51:32 +01:00
Thomas Dupuy
9b56d1f427
fix: [victim] replace tab with spaces
2023-02-01 16:56:32 +00:00
Thomas Dupuy
92ed5d48ad
new: [victim] add information and cultural industries sector
2023-02-01 16:48:01 +00:00
Thomas Dupuy
bd168c639a
chg: [victim] sort sectors
2023-02-01 16:40:24 +00:00
Alexandre Dulaunoy
fa39a64dc4
chg: [transport-ticket] update to add the type of ticket (e.g. boarding pass versus ticket)
2023-01-27 15:55:08 +01:00
Alexandre Dulaunoy
5a45977e23
fix: [transport-ticket] JSON orders
2023-01-27 15:33:22 +01:00
Alexandre Dulaunoy
81214acbbe
new: [transport-ticket] new object template to describe a transport ticket
...
Credits for the idea: Maxime Benoit
2023-01-27 15:30:32 +01:00
David Cruciani
350c9b07cf
chg: [typosquatting] jq_all_the_things
2023-01-16 08:45:20 +01:00
David Cruciani
7518752dff
add: [object] typosquatting-finder
2023-01-16 07:48:03 +01:00
Alexandre Dulaunoy
5cb7e98e20
fix: [victim] jq run
2023-01-06 15:08:28 +01:00
Thomas Dupuy
9e9540524d
new: Add legal sector.
2023-01-04 17:10:18 +00:00
Alexandre Dulaunoy
322cbaa21e
fix: [vehicle] jq all the things
2022-12-30 07:37:54 +01:00
Andras Iklody
3e8730cc1f
fix: [language] Turning french fries into freedom fries
2022-12-23 08:59:16 +01:00
Alexandre Dulaunoy
a3263d72d6
fix: [jq] all
2022-12-22 13:15:10 +01:00
Alexandre Dulaunoy
c52481cac1
fix: [thaicert-group-cards] name is singular has a single value which
...
can be multiple
2022-12-22 13:12:05 +01:00
Alexandre Dulaunoy
2b65dedb4d
fix: [objects] jq all the things
2022-12-22 13:10:03 +01:00
Alexandre Dulaunoy
83930e211f
chg: [groups->thaicert-group-cards] to make it more logical
2022-12-22 13:08:34 +01:00
Alexandre Dulaunoy
b9c512a71b
fix: [jq] JSON fixed
2022-12-15 14:39:52 +01:00
th3r3d
56c6b9148c
Create definition
...
Faked persnona template inspired by MITRE
2022-12-12 19:03:29 +01:00
th3r3d
5ff1dff7b0
Create definition in groups
...
Inspired by threat actor group cards
2022-12-12 19:02:23 +01:00
th3r3d
262e2bee90
Created definition for ADS
...
For ADS framework - create
2022-12-12 19:01:23 +01:00
Alexandre Dulaunoy
858e485263
fix: [mactim-timeline-analysis] invalid UUID fixed
2022-12-11 13:03:18 +01:00
Alexandre Dulaunoy
d491cde4b1
fix: [fail2ban] incorrect UUID fixed
2022-12-11 12:54:24 +01:00
Alexandre Dulaunoy
2787dc45d7
fix: [person] add a missing passport-creation date field.
2022-11-19 12:21:16 +01:00
Christian Studer
b877eb0815
add: [exploit] Added `description` and `title` attributes
2022-10-23 23:11:48 +02:00
Delta-Sierra
e7b9a8e7cf
add username field in telegram-bot object
2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy
82c699cc5f
new: [telegram-bot] new object to describe Telegram bots
2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy
06df368890
new: [intrusion-set] based on the STIX 2.1 definition
...
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00
Alexandre Dulaunoy
35df5bad01
new: [exploit] Exploit object template to describe code or program used
...
to exploit specific vulnerabilities. The objet can be linked to
`vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00
Alexandre Dulaunoy
3cf9307b24
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-09-09 07:26:37 +02:00
Alexandre Dulaunoy
fa26cdf15e
fix: [facebook-group] add an optional ID reference to the facebook id
2022-09-09 07:24:05 +02:00
Alexandre Dulaunoy
fc51889b42
new: [facebook-reaction] new object to link reaction with facebook posts or alike
2022-09-09 07:21:59 +02:00
Alexandre Dulaunoy
3abfb19982
Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2
...
spearphishing-objects-v2
2022-08-26 08:53:49 +02:00
goodlandsecurity
b258786935
jq_all_the_things
2022-08-25 16:03:59 -05:00
goodlandsecurity
26c2767228
allow multiple of certain types. bump version
2022-08-25 15:56:36 -05:00
Alexandre Dulaunoy
ec351176f9
chg: [security-playbook] JSON fixed
2022-08-25 10:17:48 +02:00
Vasileios Mavroeidis
2771e2681f
Update definition.json
...
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a cacao playbook attached then we could have the UUIDV4 extracted from the "attachment" and put at the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a png then there is no way to associate it again with another security playbook object that has the same png as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy
9b9c838961
fix: [yara] add a reference link to the YARA object template
2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy
734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
...
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy
50f61a03be
chg: [scheduled-task] disable_correlation + clarification
2022-07-08 15:03:27 +02:00
Delta-Sierra
73c2462448
Windows Scheduled Task Object - First draft
2022-07-07 15:17:34 +02:00