Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch

Author: chrisr3d

objects/coin-address/definition.json

@@ -5,6 +5,11 @@
       "misp-attribute": "btc",
       "ui-priority": 1
     },
+    "address-crypto": {
+      "description": "Generic cryptocurrency address if the format is not a standard BTC or XMR address",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
     "address-xmr": {
       "description": "Monero address used as a payment destination in a cryptocurrency",
       "misp-attribute": "xmr",
@@ -103,8 +108,9 @@
   "name": "coin-address",
   "requiredOneOf": [
     "address",
-    "address-xmr"
+    "address-xmr",
+    "address-crypto"
   ],
   "uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
-  "version": 5
+  "version": 6
 }

objects/cryptocurrency-transaction/definition.json

@@ -0,0 +1,84 @@
+{
+  "attributes": {
+    "address": {
+      "description": "A cryptocurrency transactional address",
+      "misp-attribute": "btc",
+      "ui-priority": 0
+    },
+    "symbol": {
+      "description": "The (uppercase) symbol of the cryptocurrency used. Symbol should be from https://coinmarketcap.com/all/views/all/",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "BTC",
+        "ETH",
+        "BCH",
+        "XRP",
+        "MIOTA",
+        "DASH",
+        "BTG",
+        "LTC",
+        "ADA",
+        "XMR",
+        "ETC",
+        "NEO",
+        "NEM",
+        "EOS",
+        "XLM",
+        "BCC",
+        "LSK",
+        "OMG",
+        "QTUM",
+        "ZEC",
+        "USDT",
+        "HSR",
+        "STRAT",
+        "WAVES",
+        "PPT",
+        "ETN"
+      ],
+      "ui-priority": 1
+    },
+    "time": {
+      "description": "Date and time of transaction",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "transaction-number": {
+      "description": "A transaction number in a sequence of transactions",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "value": {
+      "description": "Value in cryptocurrency at date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "value_EUR": {
+      "description": "Value in EUR with conversion rate as of date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "value_USD": {
+      "description": "Value in USD with conversion rate as of date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    }
+  },
+  "description": "An object to describe a cryptocurrency transaction.",
+  "meta-category": "financial",
+  "name": "cryptocurrency-transaction",
+  "requiredOneOf": [
+    "transaction-number",
+    "time",
+    "value",
+    "address"
+  ],
+  "uuid": "a4aab70f-e43a-48cb-bf82-505de8228dd6",
+  "version": 1
+}

objects/cs-beacon-config/definition.json

@@ -9,6 +9,12 @@
       "multiple": true,
       "ui-priority": 1
     },
+    "ip": {
+      "description": "IP of the C2",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
     "jar-md5": {
       "categories": [
         "External analysis"
@@ -17,6 +23,11 @@
       "misp-attribute": "md5",
       "ui-priority": 0
     },
+    "license-id": {
+      "description": "License ID of the Colbalt Strike",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
     "md5": {
       "categories": [
         "Payload delivery"
@@ -69,5 +80,5 @@
     "watermark"
   ],
   "uuid": "d17355ef-ca1f-4b5a-86cd-65d877991f54",
-  "version": 1
+  "version": 2
 }

objects/ilr-notification-incident/definition.json

@@ -24,7 +24,7 @@
       "misp-attribute": "text",
       "ui-priority": 0,
       "values_list": [
-        "rreur humaine",
+        "Erreur humaine",
         "Defaut systeme 'hardware', 'software', 'procedures'",
         "Attaque malveillante",
         "Defaut d’une partie tierce ou externe",

relationships/definition.json

@@ -1728,4 +1728,4 @@
     }
   ],
   "version": 40
-}
+}