Merge branch 'main' into main

Author: theobarrague

objects/authenticode-signerinfo/definition.json

@@ -5,8 +5,20 @@
       "misp-attribute": "text",
       "ui-priority": 0
     },
+    "digest-base64": {
+      "description": "Signature created by the signing certificate’s private key",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
     "digest_algorithm": {
-      "description": "Digest algorithm",
+      "description": "Algorithm used to hash the file.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "encryption_algorithm": {
+      "description": "Algorithm used to encrypt the digest",
       "disable_correlation": true,
       "misp-attribute": "text",
       "ui-priority": 0
@@ -22,6 +34,12 @@
       "misp-attribute": "text",
       "ui-priority": 0
     },
+    "serial-number": {
+      "description": "Serial number of the certificate",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
     "signature_algorithm": {
       "description": "Signature algorithm",
       "disable_correlation": true,
@@ -55,8 +73,9 @@
   "name": "authenticode-signerinfo",
   "requiredOneOf": [
     "url",
-    "program-name"
+    "program-name",
+    "issuer"
   ],
   "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
-  "version": 1
+  "version": 2
 }

objects/pe/definition.json

@@ -1,5 +1,10 @@
 {
   "attributes": {
+    "authentihash": {
+      "description": "Authenticode executable signature hash (sha256)",
+      "misp-attribute": "authentihash",
+      "ui-priority": 1
+    },
     "company-name": {
       "description": "CompanyName in the resources",
       "disable_correlation": true,
@@ -131,5 +136,5 @@
     "impfuzzy"
   ],
   "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
-  "version": 6
+  "version": 7
 }

objects/regexp/definition.json

@@ -19,7 +19,8 @@
         "PCRE",
         "PCRE2",
         "POSIX BRE",
-        "POSIX ERE"
+        "POSIX ERE",
+        "FCRE (Farsight Compatible Regular Expressions)"
       ]
     },
     "type": {
@@ -51,5 +52,5 @@
     "regexp"
   ],
   "uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
-  "version": 4
+  "version": 5
 }

objects/report/definition.json

@@ -9,6 +9,12 @@
       "misp-attribute": "text",
       "ui-priority": 1
     },
+    "link": {
+      "description": "Link to the report mentioned",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 100
+    },
     "report-file(s)": {
       "description": "Attachment(s) that is related to the report",
       "misp-attribute": "attachment",
@@ -30,8 +36,9 @@
   "meta-category": "misc",
   "name": "report",
   "required": [
-    "summary"
+    "summary",
+    "link"
   ],
   "uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
-  "version": 1
+  "version": 2
 }

objects/splunk/definition.json

@@ -46,6 +46,7 @@
       "description": "Search / Correlation search",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "multiple": true,
       "ui-priority": 0
     }
   },
@@ -56,5 +57,5 @@
     "search"
   ],
   "uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8",
-  "version": 1
+  "version": 2
 }

objects/telegram-account/definition.json

@@ -0,0 +1,45 @@
+{
+  "attributes": {
+    "first_name": {
+      "description": "First name",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "id": {
+      "description": "Telegram user identifier",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "last_name": {
+      "description": "Last name",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "phone": {
+      "description": "Phone associated with the telegram user",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "username": {
+      "description": "Telegram username",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "verified": {
+      "description": "Verified",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "Information related to a telegram account",
+  "meta-category": "misc",
+  "name": "telegram-account",
+  "requiredOneOf": [
+    "id",
+    "phone",
+    "username"
+  ],
+  "uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c",
+  "version": 2
+}

objects/url/definition.json

@@ -35,6 +35,7 @@
     "ip": {
       "description": "Better type when the host is an IP.",
       "misp-attribute": "ip-dst",
+      "multiple": true,
       "ui-priority": 0
     },
     "last-seen": {
@@ -105,5 +106,5 @@
     "resource_path"
   ],
   "uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
-  "version": 8
+  "version": 9
 }

objects/virustotal-report/definition.json

@@ -5,6 +5,7 @@
         "External analysis"
       ],
       "description": "Comment related to this hash",
+      "disable_correlation": true,
       "misp-attribute": "text",
       "multiple": true,
       "ui-priority": 2
@@ -32,6 +33,7 @@
         "Other"
       ],
       "description": "First Submission",
+      "disable_correlation": true,
       "misp-attribute": "datetime",
       "ui-priority": 0
     },
@@ -40,6 +42,7 @@
         "Other"
       ],
       "description": "Last Submission",
+      "disable_correlation": true,
       "misp-attribute": "datetime",
       "ui-priority": 0
     },
@@ -48,6 +51,7 @@
         "External analysis"
       ],
       "description": "Permalink Reference",
+      "disable_correlation": true,
       "misp-attribute": "link",
       "ui-priority": 2
     }
@@ -59,5 +63,5 @@
     "permalink"
   ],
   "uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
-  "version": 3
+  "version": 4
 }

objects/windows-service/definition.json

@@ -0,0 +1,92 @@
+{
+  "attributes": {
+    "comment": {
+      "description": "Additional comments.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "display": {
+      "description": "Display name/information of the service.",
+      "misp-attribute": "windows-service-displayname",
+      "ui-priority": 0
+    },
+    "group": {
+      "description": "Group to which the system/driver belong to.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Base",
+        "Boot Bus Extender",
+        "Boot File System",
+        "Cryptography",
+        "Extended base",
+        "Event Log",
+        "Filter",
+        "FSFilter Bottom",
+        "FSFilter Infrastructure",
+        "File System",
+        "FSFilter Virtualization",
+        "Keyboard Port",
+        "Network",
+        "NDIS",
+        "Parallel arbitrator",
+        "Pointer Port",
+        "PnP Filter",
+        "ProfSvc_Group",
+        "PNP_TDI",
+        "SCSI Miniport",
+        "SCSI CDROM Class",
+        "System Bus Extender",
+        "Video Save",
+        "other"
+      ],
+      "ui-priority": 0
+    },
+    "image-path": {
+      "description": "Path of the service/drive",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "name of the service",
+      "misp-attribute": "windows-service-name",
+      "ui-priority": 0
+    },
+    "start": {
+      "description": "When the service/driver starts or executes.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Boot start",
+        "System start",
+        "Auto start",
+        "Manual",
+        "Disabled"
+      ],
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Service/driver type.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Kernel driver",
+        "File system driver",
+        "Own process",
+        "Share process",
+        "Interactive",
+        "Other"
+      ],
+      "ui-priority": 0
+    }
+  },
+  "description": "Windows service and detailed about a service running a Windows operating system",
+  "meta-category": "misc",
+  "name": "windows-service",
+  "required": [
+    "name"
+  ],
+  "uuid": "7598cc63-7ba3-4d0a-91c0-b875c6013035",
+  "version": 1
+}

relationships/definition.json

@@ -1042,6 +1042,13 @@
       ],
       "name": "extends"
     },
+    {
+      "description": "Reprensents an object which writes towards another object or attribute",
+      "format": [
+        "misp"
+      ],
+      "name": "writes"
+    },
     {
       "description": "Represents the semantic link of an asn object being ranked with a bgp-ranking object",
       "format": [
@@ -1143,5 +1150,5 @@
       "name": "doxed-by"
     }
   ],
-  "version": 21
+  "version": 22
 }