1+ {
2+ "attributes" : {
3+ "affected-range" : {
4+ "description" : " Affected version range expression from affected[].ranges." ,
5+ "disable_correlation" : true ,
6+ "misp-attribute" : " text" ,
7+ "multiple" : true ,
8+ "ui-priority" : 7
9+ },
10+ "affected-version" : {
11+ "description" : " Known malicious or impacted package version from affected[].versions." ,
12+ "misp-attribute" : " text" ,
13+ "multiple" : true ,
14+ "ui-priority" : 8
15+ },
16+ "analysis" : {
17+ "description" : " Behavioral details explaining why the package is malicious (payload, trigger, campaign, impact)." ,
18+ "disable_correlation" : true ,
19+ "misp-attribute" : " text" ,
20+ "ui-priority" : 7
21+ },
22+ "ecosystem" : {
23+ "description" : " Package ecosystem from OSV package.ecosystem (e.g. npm, PyPI, Maven, Go)." ,
24+ "disable_correlation" : true ,
25+ "misp-attribute" : " text" ,
26+ "ui-priority" : 10
27+ },
28+ "ioc-domain" : {
29+ "description" : " Domain IoC extracted from database_specific.iocs.domains." ,
30+ "misp-attribute" : " domain" ,
31+ "multiple" : true ,
32+ "ui-priority" : 9
33+ },
34+ "ioc-ip" : {
35+ "description" : " IP IoC extracted from database_specific.iocs.ips." ,
36+ "misp-attribute" : " ip-dst" ,
37+ "multiple" : true ,
38+ "ui-priority" : 9
39+ },
40+ "ioc-url" : {
41+ "description" : " URL IoC extracted from database_specific.iocs.urls." ,
42+ "misp-attribute" : " url" ,
43+ "multiple" : true ,
44+ "ui-priority" : 9
45+ },
46+ "origin-sha256" : {
47+ "description" : " SHA-256 digest representing original source report content." ,
48+ "misp-attribute" : " sha256" ,
49+ "multiple" : true ,
50+ "ui-priority" : 3
51+ },
52+ "origin-source" : {
53+ "description" : " Data source identifier from database_specific.malicious-packages-origins[].source." ,
54+ "disable_correlation" : true ,
55+ "misp-attribute" : " text" ,
56+ "multiple" : true ,
57+ "ui-priority" : 4
58+ },
59+ "package-name" : {
60+ "description" : " Name of the affected package from OSV package.name." ,
61+ "misp-attribute" : " text" ,
62+ "ui-priority" : 10
63+ },
64+ "reference" : {
65+ "description" : " Reference URL to advisories, source reports, or related analysis." ,
66+ "disable_correlation" : true ,
67+ "misp-attribute" : " link" ,
68+ "multiple" : true ,
69+ "ui-priority" : 6
70+ },
71+ "report-id" : {
72+ "description" : " OSV report identifier (e.g. MAL-2025-XXXX)." ,
73+ "misp-attribute" : " text" ,
74+ "ui-priority" : 10
75+ },
76+ "report-modified" : {
77+ "description" : " OSV report modified timestamp." ,
78+ "disable_correlation" : true ,
79+ "misp-attribute" : " datetime" ,
80+ "ui-priority" : 5
81+ },
82+ "state" : {
83+ "description" : " Lifecycle state of the report in the feed." ,
84+ "disable_correlation" : true ,
85+ "misp-attribute" : " text" ,
86+ "sane_default" : [
87+ " active" ,
88+ " withdrawn" ,
89+ " unknown"
90+ ],
91+ "ui-priority" : 6
92+ }
93+ },
94+ "description" : " Object describing a malicious open source package report from an OSV-style feed such as OpenSSF malicious-packages." ,
95+ "meta-category" : " misc" ,
96+ "name" : " malicious-package-report" ,
97+ "requiredOneOf" : [
98+ " package-name" ,
99+ " report-id"
100+ ],
101+ "uuid" : " 2f8a8711-6ef8-4a9d-89de-f547670573cb" ,
102+ "version" : 1
103+ }
0 commit comments