diff --git a/README.md b/README.md
index a904b539..d55c2d62 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/annotation](https://github.com/MISP/misp-objects/blob/main/objects/annotation/definition.json) - An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.
 - [objects/anonymisation](https://github.com/MISP/misp-objects/blob/main/objects/anonymisation/definition.json) - Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml.
 - [objects/apivoid-email-verification](https://github.com/MISP/misp-objects/blob/main/objects/apivoid-email-verification/definition.json) - Apivoid email verification API result. Reference: https://www.apivoid.com/api/email-verify/.
+- [objects/apk](https://github.com/MISP/misp-objects/blob/main/objects/apk/definition.json) - Apk object describing a file with meta-information.
 - [objects/artifact](https://github.com/MISP/misp-objects/blob/main/objects/artifact/definition.json) - The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. From STIX 2.1 (6.1).
 - [objects/asn](https://github.com/MISP/misp-objects/blob/main/objects/asn/definition.json) - Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
 - [objects/attack-pattern](https://github.com/MISP/misp-objects/blob/main/objects/attack-pattern/definition.json) - Attack pattern describing a common attack pattern enumeration and classification.
diff --git a/objects/apk/definition.json b/objects/apk/definition.json
new file mode 100644
index 00000000..8e4e566a
--- /dev/null
+++ b/objects/apk/definition.json
@@ -0,0 +1,188 @@
+{
+ "attributes": {
+ "malware-sample": {
+ "description": "The file itself (binary)",
+ "misp-attribute": "malware-sample",
+ "ui-priority": 1
+ },
+ "filename": {
+ "categories": [
+ "Payload delivery",
+ "Artifacts dropped",
+ "Payload installation",
+ "External analysis"
+ ],
+ "description": "Filename on disk",
+ "misp-attribute": "filename",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "md5": {
+ "description": "[Insecure] MD5 hash (128 bits)",
+ "misp-attribute": "md5",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "sha256": {
+ "description": "Secure Hash Algorithm 2 (256 bits)",
+ "misp-attribute": "sha256",
+ "ui-priority": 1
+ },
+ "sha1": {
+ "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
+ "misp-attribute": "sha1",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "ssdeep": {
+ "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
+ "misp-attribute": "ssdeep",
+ "ui-priority": 1
+ },
+ "tlsh": {
+ "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
+ "misp-attribute": "tlsh",
+ "ui-priority": 1
+ },
+ "sha224": {
+ "description": "Secure Hash Algorithm 2 (224 bits)",
+ "misp-attribute": "sha224",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "sha384": {
+ "description": "Secure Hash Algorithm 2 (384 bits)",
+ "misp-attribute": "sha384",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "sha512": {
+ "description": "Secure Hash Algorithm 2 (512 bits)",
+ "misp-attribute": "sha512",
+ "ui-priority": 1
+ },
+ "size-in-bytes": {
+ "description": "Size of the file, in bytes",
+ "disable_correlation": true,
+ "misp-attribute": "size-in-bytes",
+ "ui-priority": 1
+ },
+ "state": {
+ "description": "State of the file",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1,
+ "values_list": [
+ "Malicious",
+ "Harmless",
+ "Signed",
+ "Revoked",
+ "Expired",
+ "Trusted"
+ ]
+ },
+ "package-name": {
+ "description": "The package name of an Android app",
+ "misp-attribute": "text",
+ "recommended": true,
+ "ui-priority": 1
+ },
+ "sha3-224": {
+ "description": "Secure Hash Algorithm 3 (224 bits)",
+ "misp-attribute": "sha3-224",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "sha3-256": {
+ "description": "Secure Hash Algorithm 3 (256 bits)",
+ "misp-attribute": "sha3-256",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "sha3-384": {
+ "description": "Secure Hash Algorithm 3 (384 bits)",
+ "misp-attribute": "sha3-384",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "sha3-512": {
+ "description": "Secure Hash Algorithm 3 (512 bits)",
+ "misp-attribute": "sha3-512",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "sha512/224": {
+ "description": "Secure Hash Algorithm 2 (224 bits)",
+ "misp-attribute": "sha512/224",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "sha512/256": {
+ "description": "Secure Hash Algorithm 2 (256 bits)",
+ "misp-attribute": "sha512/256",
+ "recommended": false,
+ "ui-priority": 0
+ },
+ "mimetype": {
+ "description": "Mime type",
+ "disable_correlation": true,
+ "misp-attribute": "mime-type",
+ "ui-priority": 0
+ },
+ "url": {
+ "categories": [
+ "Payload delivery"
+ ],
+ "description": "Malware delivery url",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "vhash": {
+ "description": "vhash by VirusTotal",
+ "misp-attribute": "vhash",
+ "ui-priority": 0
+ },
+ "access-time": {
+ "description": "The last time the file was accessed",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "creation-time": {
+ "description": "Creation time of the file",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "modification-time": {
+ "description": "Last time the file was modified",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ }
+ },
+ "description": "Apk object describing a file with meta-information",
+ "meta-category": "file",
+ "name": "apk",
+ "requiredOneOf": [
+ "filename",
+ "size-in-bytes",
+ "ssdeep",
+ "md5",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sha3-224",
+ "sha3-256",
+ "sha3-384",
+ "sha3-512",
+ "tlsh",
+ "malware-sample",
+ "url"
+ ],
+ "uuid": "501bf5cf-28e0-4a5a-8056-e811c6447cfa",
+ "version": 2
+}
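Review bot: Nothing in the new object pins the signer — the `state` values_list enumerates `Signed`/`Revoked`/`Expired`/`Trusted`, yet no attribute carries the APK signing-certificate fingerprint, and `package-name` is self-asserted by whoever built the APK and is routinely reused by repackaged or impersonating malware, so on its own it is a weak correlation key. Consider adding a certificate attribute such as `"signer-fingerprint-sha256": {"description": "SHA-256 fingerprint of the APK signing certificate", "misp-attribute": "x509-fingerprint-sha256", "ui-priority": 1}` (assuming that existing MISP attribute type is the intended mapping) so analysts can pivot on the signing key across samples. The `state` list also mixes a file verdict (`Malicious`/`Harmless`) with certificate status, which makes a multi-valued `state` ambiguous; saying so in its description, e.g. `"State of the file (verdict) and/or of its signing certificate"`, would help. Finally, the top-level description `"Apk object describing a file with meta-information"` reads as copied from the generic file object and should name the format, e.g. `"Android application package (APK) file with its meta-information"`.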