Merge 21775dbecc into c83372377e

chg: [registry-key] jq all the things
chg: [registry-key] added Artifacts dropped as potential category
2024-04-25 14:16:06 +02:00 · 2024-04-25 11:20:46 +02:00 · 2024-04-25 11:18:26 +02:00 · 2024-04-25 08:59:30 +02:00 · 2024-04-25 08:58:28 +02:00 · 2024-04-24 16:47:47 +02:00
10 changed files with 519 additions and 24 deletions
--- a/README.md
+++ b/README.md
@ -115,6 +115,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/annotation](https://github.com/MISP/misp-objects/blob/main/objects/annotation/definition.json) - An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.
 - [objects/anonymisation](https://github.com/MISP/misp-objects/blob/main/objects/anonymisation/definition.json) - Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml.
 - [objects/apivoid-email-verification](https://github.com/MISP/misp-objects/blob/main/objects/apivoid-email-verification/definition.json) - Apivoid email verification API result. Reference: https://www.apivoid.com/api/email-verify/.
+- [objects/apk](https://github.com/MISP/misp-objects/blob/main/objects/apk/definition.json) - Apk object describing a file with meta-information.
 - [objects/artifact](https://github.com/MISP/misp-objects/blob/main/objects/artifact/definition.json) - The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. From STIX 2.1 (6.1).
 - [objects/asn](https://github.com/MISP/misp-objects/blob/main/objects/asn/definition.json) - Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
 - [objects/attack-pattern](https://github.com/MISP/misp-objects/blob/main/objects/attack-pattern/definition.json) - Attack pattern describing a common attack pattern enumeration and classification.
@ -153,7 +154,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/credential](https://github.com/MISP/misp-objects/blob/main/objects/credential/definition.json) - Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).
 - [objects/credit-card](https://github.com/MISP/misp-objects/blob/main/objects/credit-card/definition.json) - A payment card like credit card, debit card or any similar cards which can be used for financial transactions.
 - [objects/crowdsec-ip-context](https://github.com/MISP/misp-objects/blob/main/objects/crowdsec-ip-context/definition.json) - CrowdSec Threat Intelligence - IP CTI search.
- [objects/crowdstrike-report](https://github.com/MISP/misp-objects/blob/main/objects/crowdstrike-report/definition.json) - An Object Template to encode an Crowdstrike detection report.
+- [objects/crowdstrike-report](https://github.com/MISP/misp-objects/blob/main/objects/crowdstrike-report/definition.json) - An Object Template to encode an Crowdstrike detection report.
 - [objects/crypto-material](https://github.com/MISP/misp-objects/blob/main/objects/crypto-material/definition.json) - Cryptographic materials such as public or/and private keys.
 - [objects/cryptocurrency-transaction](https://github.com/MISP/misp-objects/blob/main/objects/cryptocurrency-transaction/definition.json) - An object to describe a cryptocurrency transaction.
 - [objects/cs-beacon-config](https://github.com/MISP/misp-objects/blob/main/objects/cs-beacon-config/definition.json) - Cobalt Strike Beacon Config.
@ -169,7 +170,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/dns-record](https://github.com/MISP/misp-objects/blob/main/objects/dns-record/definition.json) - A set of DNS records observed for a specific domain.
 - [objects/domain-crawled](https://github.com/MISP/misp-objects/blob/main/objects/domain-crawled/definition.json) - A domain crawled over time.
 - [objects/domain-ip](https://github.com/MISP/misp-objects/blob/main/objects/domain-ip/definition.json) - A domain/hostname and IP address seen as a tuple in a specific time frame.
- [objects/edr-report](https://github.com/MISP/misp-objects/blob/main/objects/edr-report/definition.json) - An Object Template to encode an EDR detection report.
+- [objects/edr-report](https://github.com/MISP/misp-objects/blob/main/objects/edr-report/definition.json) - An Object Template to encode an EDR detection report.
 - [objects/elf](https://github.com/MISP/misp-objects/blob/main/objects/elf/definition.json) - Object describing a Executable and Linkable Format.
 - [objects/elf-section](https://github.com/MISP/misp-objects/blob/main/objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format.
 - [objects/email](https://github.com/MISP/misp-objects/blob/main/objects/email/definition.json) - Email object describing an email with meta-information.
@ -190,6 +191,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/file](https://github.com/MISP/misp-objects/blob/main/objects/file/definition.json) - File object describing a file with meta-information.
 - [objects/flowintel-cm-case](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-case/definition.json) - A case as defined by flowintel-cm.
 - [objects/flowintel-cm-task](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-task/definition.json) - A task as defined by flowintel-cm.
+- [objects/flowintel-cm-task-note](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-task-note/definition.json) - A task's note as defined by flowintel-cm.
 - [objects/forensic-case](https://github.com/MISP/misp-objects/blob/main/objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
 - [objects/forensic-evidence](https://github.com/MISP/misp-objects/blob/main/objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
 - [objects/forged-document](https://github.com/MISP/misp-objects/blob/main/objects/forged-document/definition.json) - Object describing a forged document.
@ -336,7 +338,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/query](https://github.com/MISP/misp-objects/blob/main/objects/query/definition.json) - An object describing a query, along with its format.
 - [objects/r2graphity](https://github.com/MISP/misp-objects/blob/main/objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
 - [objects/ransom-negotiation](https://github.com/MISP/misp-objects/blob/main/objects/ransom-negotiation/definition.json) - An object to describe ransom negotiations, as seen in ransomware incidents.
- [objects/ransomware-group-post](https://github.com/MISP/misp-objects/blob/main/objects/ransomware-group-post/definition.json) - Ransomware group post as monitored by ransomlook.io.
+- [objects/ransomware-group-post](https://github.com/MISP/misp-objects/blob/main/objects/ransomware-group-post/definition.json) - Ransomware group post as monitored by ransomlook.io or others.
 - [objects/reddit-account](https://github.com/MISP/misp-objects/blob/main/objects/reddit-account/definition.json) - Reddit account.
 - [objects/reddit-comment](https://github.com/MISP/misp-objects/blob/main/objects/reddit-comment/definition.json) - A Reddit post comment.
 - [objects/reddit-post](https://github.com/MISP/misp-objects/blob/main/objects/reddit-post/definition.json) - A Reddit post.
--- a/objects/apk/definition.json
+++ b/objects/apk/definition.json
@ -0,0 +1,188 @@
+{
+  "attributes": {
+    "malware-sample": {
+      "description": "The file itself (binary)",
+      "misp-attribute": "malware-sample",
+      "ui-priority": 1
+    },
+    "filename": {
+      "categories": [
+        "Payload delivery",
+        "Artifacts dropped",
+        "Payload installation",
+        "External analysis"
+      ],
+      "description": "Filename on disk",
+      "misp-attribute": "filename",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "md5": {
+      "description": "[Insecure] MD5 hash (128 bits)",
+      "misp-attribute": "md5",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "sha256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha256",
+      "ui-priority": 1
+    },
+    "sha1": {
+    "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
+    "misp-attribute": "sha1",
+    "recommended": false,
+    "ui-priority": 1
+    },
+    "ssdeep": {
+    "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
+    "misp-attribute": "ssdeep",
+    "ui-priority": 1
+    },
+    "tlsh": {
+    "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
+    "misp-attribute": "tlsh",
+    "ui-priority": 1
+    },
+    "sha224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha224",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "sha384": {
+      "description": "Secure Hash Algorithm 2 (384 bits)",
+      "misp-attribute": "sha384",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "sha512": {
+      "description": "Secure Hash Algorithm 2 (512 bits)",
+      "misp-attribute": "sha512",
+      "ui-priority": 1
+    },
+    "size-in-bytes": {
+      "description": "Size of the file, in bytes",
+      "disable_correlation": true,
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 1
+    },
+    "state": {
+      "description": "State of the file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1,
+      "values_list": [
+        "Malicious",
+        "Harmless",
+        "Signed",
+        "Revoked",
+        "Expired",
+        "Trusted"
+      ]
+    },
+    "package-name": {
+      "description": "The package name of an Android app",
+      "misp-attribute": "text",
+      "recommended": true,
+      "ui-priority": 1
+    },
+    "sha3-224": {
+      "description": "Secure Hash Algorithm 3 (224 bits)",
+      "misp-attribute": "sha3-224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-256": {
+      "description": "Secure Hash Algorithm 3 (256 bits)",
+      "misp-attribute": "sha3-256",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-384": {
+      "description": "Secure Hash Algorithm 3 (384 bits)",
+      "misp-attribute": "sha3-384",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-512": {
+      "description": "Secure Hash Algorithm 3 (512 bits)",
+      "misp-attribute": "sha3-512",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512/224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha512/224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512/256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha512/256",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "mimetype": {
+      "description": "Mime type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "ui-priority": 0
+    },
+    "url": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Malware delivery url",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "vhash": {
+      "description": "vhash by VirusTotal",
+      "misp-attribute": "vhash",
+      "ui-priority": 0
+    },
+    "access-time": {
+      "description": "The last time the file was accessed",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "creation-time": {
+      "description": "Creation time of the file",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "modification-time": {
+      "description": "Last time the file was modified",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    }
+  },
+  "description": "Apk object describing a file with meta-information",
+  "meta-category": "file",
+  "name": "apk",
+  "requiredOneOf": [
+    "filename",
+    "size-in-bytes",
+    "ssdeep",
+    "md5",
+    "sha1",
+    "sha224",
+    "sha256",
+    "sha384",
+    "sha512",
+    "sha512/224",
+    "sha512/256",
+    "sha3-224",
+    "sha3-256",
+    "sha3-384",
+    "sha3-512",
+    "tlsh",
+    "malware-sample",
+    "url"
+  ],
+  "uuid": "501bf5cf-28e0-4a5a-8056-e811c6447cfa",
+  "version": 2
+}
--- a/objects/cs-beacon-config/definition.json
+++ b/objects/cs-beacon-config/definition.json
@ -1,11 +1,43 @@
 {
  "attributes": {
+    "architecture": {
+      "description": "Hardware architecture of the sample",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
    "asn": {
      "description": "Originating ASN for the CS Beacon Config",
      "disable_correlation": true,
      "misp-attribute": "AS",
      "ui-priority": 0
    },
+    "beacon-host": {
+      "description": "Beacon host IP",
+      "misp-attribute": "ip-dst",
+      "ui-priority": 0
+    },
+    "beacon-type": {
+      "description": "Beacon type used",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "binary-md5": {
+      "description": "MD5 of the binary delivered",
+      "misp-attribute": "md5",
+      "ui-priority": 0
+    },
+    "binary-sha1": {
+      "description": "SHA1 of the binary delivered",
+      "misp-attribute": "sha1",
+      "ui-priority": 0
+    },
+    "binary-sha256": {
+      "description": "SHA256 of the binary delivered",
+      "misp-attribute": "sha256",
+      "ui-priority": 0
+    },
    "c2": {
      "categories": [
        "Network activity"
@ -21,12 +53,67 @@
      "misp-attribute": "text",
      "ui-priority": 0
    },
+    "config-md5": {
+      "description": "MD5 of the configuration",
+      "misp-attribute": "md5",
+      "ui-priority": 0
+    },
+    "config-sha1": {
+      "description": "SHA1 of the configuration",
+      "misp-attribute": "sha1",
+      "ui-priority": 0
+    },
+    "config-sha256": {
+      "description": "SHA256 of the configuration",
+      "misp-attribute": "sha256",
+      "ui-priority": 0
+    },
+    "content-length": {
+      "description": "Content length of the payload",
+      "disable_correlation": true,
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 0
+    },
+    "content-type": {
+      "description": "Content/type received",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "encoded-data": {
+      "description": "Encoded payload data in Base64",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "encoded-length": {
+      "description": "Length of the encoded data",
+      "disable_correlation": true,
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 0
+    },
    "geo": {
      "description": "Country location of the CS Beacon Config",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
+    "http": {
+      "description": "HTTP protocol used",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "http-code": {
+      "description": "HTTP return code",
+      "disable_correlation": true,
+      "misp-attribute": "integer",
+      "ui-priority": 0
+    },
+    "http-url": {
+      "description": "HTTP url path of the beacon",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
    "ip": {
      "description": "IP of the C2",
      "misp-attribute": "ip-dst",
@ -55,7 +142,7 @@
      "ui-priority": 1
    },
    "naics": {
-      "description": "North American Industry Classification System Code",
+      "description": "North American Industry Classification System Code (NAICS)",
      "disable_correlation": true,
      "misp-attribute": "text",
      "multiple": true,
@ -112,5 +199,5 @@
    "watermark"
  ],
  "uuid": "d17355ef-ca1f-4b5a-86cd-65d877991f54",
-  "version": 4
+  "version": 6
 }
--- a/objects/flowintel-cm-case/definition.json
+++ b/objects/flowintel-cm-case/definition.json
@ -42,6 +42,12 @@
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
+    "notes": {
+      "description": "Notes of the case",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
    "origin-url": {
      "description": "Origin of the case",
      "disable_correlation": true,
@ -86,5 +92,5 @@
  "meta-category": "misc",
  "name": "flowintel-cm-case",
  "uuid": "19df57c7-b315-4fd2-84e5-d81ab221425e",
-  "version": 2
+  "version": 3
 }
--- a/objects/flowintel-cm-task-note/definition.json
+++ b/objects/flowintel-cm-task-note/definition.json
@ -0,0 +1,35 @@
+{
+  "attributes": {
+    "note": {
+      "description": "Notes of the task",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "note-uuid": {
+      "description": "UUID of the note",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 2
+    },
+    "origin-url": {
+      "description": "Origin of the task",
+      "disable_correlation": true,
+      "misp-attribute": "url",
+      "to_ids": false,
+      "ui-priority": 1
+    },
+    "task-uuid": {
+      "description": "UUID of the parent task",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 2
+    }
+  },
+  "description": "A task's note as defined by flowintel-cm.",
+  "meta-category": "misc",
+  "name": "flowintel-cm-task-note",
+  "uuid": "2c6f6aba-48b6-482f-a810-81934d29be9a",
+  "version": 1
+}
--- a/objects/flowintel-cm-task/definition.json
+++ b/objects/flowintel-cm-task/definition.json
@ -37,12 +37,6 @@
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
-    "notes": {
-      "description": "Notes of the task",
-      "disable_correlation": true,
-      "misp-attribute": "text",
-      "ui-priority": 0
-    },
    "origin-url": {
      "description": "Origin of the task",
      "disable_correlation": true,
@ -88,5 +82,5 @@
  "meta-category": "misc",
  "name": "flowintel-cm-task",
  "uuid": "2f525f6e-d3f2-4cb9-9ca0-f1160d99397d",
-  "version": 3
+  "version": 4
 }
--- a/objects/instant-message/definition.json
+++ b/objects/instant-message/definition.json
@ -22,7 +22,8 @@
        "Discord",
        "Mumble",
        "Jabber",
-        "Twitter"
+        "Twitter",
+        "Mattermost"
      ],
      "ui-priority": 1
    },
--- a/objects/ransomware-group-post/definition.json
+++ b/objects/ransomware-group-post/definition.json
@ -1,7 +1,26 @@
 {
  "attributes": {
+    "actor-geo-stats-30d": {
+      "description": "Count of how many other victims were publicly leaked by the same ransomware actor in the country of the victim during the past 30 days",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "actor-total-stats-30d": {
+      "description": "Count of how many other victims were publicly leaked by the same ransomware actor worldwide during the past 30 days",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
    "date": {
      "description": "Last update of the post as seen on the ransomware group blog. Different than the first/last seen from the crawling.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "date-published": {
+      "description": "Initial published date of the post on the ransomware group blog.",
+      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
@ -10,25 +29,73 @@
      "misp-attribute": "text",
      "ui-priority": 1
    },
+    "entity-name": {
+      "description": "Entity name of the victim referenced in the post of the ransomware group.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "geo": {
+      "description": "Geographic (main) location of the victim referenced in the post of the ransomware group.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "leak-site-url": {
+      "description": "Link to the post.",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
    "link": {
      "description": "Original URL location of the post.",
      "misp-attribute": "link",
      "ui-priority": 1
    },
+    "ransomware-group": {
+      "description": "Ransomware group where the post is mentioned.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "sector": {
+      "description": "Sector (main) of the victim referenced in the post of the ransomware group.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "severity": {
+      "description": "Severity of the post mentioned.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "critical",
+        "high",
+        "medium",
+        "low",
+        "info"
+      ],
+      "ui-priority": 1
+    },
    "title": {
      "description": "Title of blog post.",
      "misp-attribute": "text",
      "ui-priority": 1
+    },
+    "website": {
+      "description": "Website of the victim referenced in the post of the ransomware group.",
+      "misp-attribute": "link",
+      "ui-priority": 1
    }
  },
-  "description": "Ransomware group post as monitored by ransomlook.io",
+  "description": "Ransomware group post as monitored by ransomlook.io or others",
  "meta-category": "misc",
  "name": "ransomware-group-post",
  "requiredOneOf": [
    "title",
    "description",
-    "link"
+    "link",
+    "website",
+    "leak-site-url"
  ],
  "uuid": "52a0e179-4942-41e6-90f5-7db856fd6f39",
-  "version": 1
+  "version": 4
 }
--- a/objects/registry-key/definition.json
+++ b/objects/registry-key/definition.json
@ -2,7 +2,8 @@
  "attributes": {
    "data": {
      "categories": [
-        "Persistence mechanism"
+        "Persistence mechanism",
+        "Artifacts dropped"
      ],
      "description": "Data stored in the registry key",
      "misp-attribute": "text",
@ -10,7 +11,8 @@
    },
    "data-type": {
      "categories": [
-        "Persistence mechanism"
+        "Persistence mechanism",
+        "Artifacts dropped"
      ],
      "description": "Registry value type",
      "disable_correlation": true,
@ -35,7 +37,8 @@
    },
    "hive": {
      "categories": [
-        "Persistence mechanism"
+        "Persistence mechanism",
+        "Artifacts dropped"
      ],
      "description": "Hive used to store the registry key (file on disk)",
      "disable_correlation": true,
@ -44,7 +47,8 @@
    },
    "key": {
      "categories": [
-        "Persistence mechanism"
+        "Persistence mechanism",
+        "Artifacts dropped"
      ],
      "description": "Full key path",
      "misp-attribute": "regkey",
@ -60,7 +64,8 @@
    },
    "name": {
      "categories": [
-        "Persistence mechanism"
+        "Persistence mechanism",
+        "Artifacts dropped"
      ],
      "description": "Name of the registry key",
      "misp-attribute": "text",
@ -98,5 +103,5 @@
    "data"
  ],
  "uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
-  "version": 4
+  "version": 5
 }
--- a/relationships/definition.json
+++ b/relationships/definition.json
@ -36,6 +36,22 @@
      "name": "shared-by",
      "opposite": "shares"
    },
+    {
+      "description": "This relationship describes an object which publishes another object.",
+      "format": [
+        "misp"
+      ],
+      "name": "publishes",
+      "opposite": "published-by"
+    },
+    {
+      "description": "This relationship describes an object which was published by another object.",
+      "format": [
+        "misp"
+      ],
+      "name": "published-by",
+      "opposite": "publishes"
+    },
    {
      "description": "The referenced source and target objects are semantically duplicates of each other.",
      "format": [
@ -1764,7 +1780,101 @@
      ],
      "name": "is-acquired-by",
      "opposite": "acquires"
+    },
+    {
+      "description": "The source object supports the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "supports",
+      "opposite": "supported-by"
+    },
+    {
+      "description": "The source object is supported by the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "supported-by",
+      "opposite": "supports"
+    },
+    {
+      "description": "The source object sponsors the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "sponsors",
+      "opposite": "sponsored-by"
+    },
+    {
+      "description": "The source object is sponsored by the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "sponsored-by",
+      "opposite": "sponsors"
+    },
+    {
+      "description": "The source object operates from the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "operates-from"
+    },
+    {
+      "description": "The source object deploys the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "deploys",
+      "opposite": "is-deployed-by"
+    },
+    {
+      "description": "The source object is deployed by the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "is-deployed-by",
+      "opposite": "deploys"
+    },
+    {
+      "description": "The source object interacts with the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "interacts-with"
+    },
+    {
+      "description": "The source object injects the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "injects",
+      "opposite": "is-injected-by"
+    },
+    {
+      "description": "The source object is injected by the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "is-injected-by",
+      "opposite": "injects"
+    },
+    {
+      "description": "The source object interviews the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "interviews",
+      "opposite": "is-interviewed-by"
+    },
+    {
+      "description": "The source object is interviewed by the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "is-interviewed-by",
+      "opposite": "interviews"
    }
  ],
-  "version": 43
+  "version": 48
 }
Author	SHA1	Message	Date
Karen Yousefi	5ae8125610	Merge `21775dbecc` into `c83372377e`	2024-04-25 14:16:06 +02:00
Alexandre Dulaunoy	c83372377e	chg: [registry-key] jq all the things	2024-04-25 11:20:46 +02:00
Christophe Vandeplas	28328aa53d	chg: [registry-key] added Artifacts dropped as potential category	2024-04-25 11:18:26 +02:00
Alexandre Dulaunoy	3a2c160630	chg: [relationships] updated	2024-04-25 08:59:30 +02:00
Alexandre Dulaunoy	4393a483fe	Merge pull request #429 from Delta-Sierra/master add relationship interviews/is-interviewed-by	2024-04-25 08:58:28 +02:00
Alexandre Dulaunoy	2061c353fe	fix: [ransomware-group-post] added the missing descriptions for `actor-geo-stats-30d` and `actor-total-stats-30d`	2024-04-24 16:47:47 +02:00
Alexandre Dulaunoy	42b48439da	chg: [ransomware-group-post] severity field sane default added	2024-04-24 16:42:39 +02:00
Alexandre Dulaunoy	8aea824bbe	chg: [doc] updated	2024-04-24 16:34:36 +02:00
Alexandre Dulaunoy	9f98d15a6f	fix: [cs-beacong-config] typo fixed	2024-04-24 16:29:33 +02:00
Alexandre Dulaunoy	f3724ad19b	fix: [cs-beacon-config] updated the NAICS description	2024-04-24 16:23:53 +02:00
Alexandre Dulaunoy	7f95d3290a	chg: [cs-beacon-config] major update following shadowserver.org requirements - Fixed some matching type instead of text (like size-in-bytes or integer) - Added many fields and replace name with `_` to `-` - Added some basic description	2024-04-24 16:19:47 +02:00
Alexandre Dulaunoy	3d78e17c4b	chg: [ransomware-group-post] updated with shadowserver object template format - underscores replaced with hyphen - descriptions added - decorrelation added for some fields	2024-04-24 15:19:02 +02:00
Delta-Sierra	b1588baa0e	fix version	2024-04-24 15:02:10 +02:00
Delta-Sierra	d099a893c1	Merge https://github.com/MISP/misp-objects	2024-04-24 14:54:25 +02:00
Delta-Sierra	1cf333f020	relationship interview	2024-04-24 14:53:05 +02:00
Alexandre Dulaunoy	16b354c04c	chg: [instant-message] remove newlines	2024-04-24 14:30:19 +02:00
Alexandre Dulaunoy	9f7cabf25c	Merge pull request #428 from menewol/main Added Mattermost	2024-04-24 14:23:19 +02:00
menewol	93b43a3191	Added Mattermost	2024-04-24 14:11:50 +02:00
Alexandre Dulaunoy	1abf2bf705	chg: [relationships] `publishes` added	2024-04-19 14:53:38 +02:00
Alexandre Dulaunoy	a2063078e5	fix: [relationships] newline story	2024-04-19 14:42:45 +02:00
Alexandre Dulaunoy	37fe188830	Merge pull request #427 from Delta-Sierra/master Moar relationships	2024-04-19 14:41:57 +02:00
Alexandre Dulaunoy	a176a663d0	Merge pull request #426 from DavidCruciani/main flowintel-cm notes change	2024-04-19 14:40:47 +02:00
Delta-Sierra	b65199716f	Moar relationships	2024-04-19 13:22:18 +02:00
David Cruciani	b10d4680bc	Merge branch 'MISP:main' into main	2024-04-18 14:40:59 +02:00
David Cruciani	051605763e	chg: [flowintel-cm] notes	2024-04-18 14:40:16 +02:00
Delta-Sierra	845a48a7a4	merge	2024-04-18 13:02:11 +02:00
Delta-Sierra	d371245037	add deploy relationship	2024-04-18 12:57:53 +02:00
Alexandre Dulaunoy	96492b9c93	Merge pull request #425 from Wachizungu/add-sponsors-and-supports-relationship-types add: [relationships] add a few relationship types and opposites	2024-04-16 06:20:35 +02:00
Jeroen Pinoy	4e31ad218e	add: [relationships] add a few relationship types and opposites	2024-04-15 21:07:07 +02:00
Karen Yousefi	21775dbecc	Update README.md add apk object	2024-04-01 04:01:51 +03:30
Karen Yousefi	4a2a337926	Create Apk Object Template Apk object describing a file with meta-information	2024-04-01 03:55:45 +03:30