misp-objects/objects/rogue-dns/definition.json

{
  "attributes": {
    "hijacked-domain": {
      "categories": [
        "Network activity"
      ],
      "description": "Domain/hostname hijacked by the the rogue DNS",
      "misp-attribute": "hostname",
      "ui-priority": 1
    },
    "phishing-ip": {
      "description": "Resource records returns by the rogue DNS",
      "misp-attribute": "ip-dst",
      "ui-priority": 1
    },
    "rogue-dns": {
      "description": "IP address of the rogue DNS",
      "misp-attribute": "ip-dst",
      "ui-priority": 0
    },
    "status": {
      "description": "How many authoritative DNS answers were received at the Passive DNS Server's collectors with exactly the given set of values as answers.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "ROGUE DNS",
        "Unknown"
      ],
      "ui-priority": 0
    },
    "timestamp": {
      "description": "Last time that the rogue DNS value was seen.",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    }
  },
  "description": "Rogue DNS as defined by CERT.br",
  "meta-category": "network",
  "name": "rogue-dns",
  "required": [
    "rogue-dns"
  ],
  "uuid": "b7e7859b-6872-4fd2-ac49-f66ccb904505",
  "version": 1
}
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`{`
			`"attributes": {`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"hijacked-domain": {`
			`"categories": [`
			`"Network activity"`
			`],`
			`"description": "Domain/hostname hijacked by the the rogue DNS",`
			`"misp-attribute": "hostname",`
			`"ui-priority": 1`
			`},`
			`"phishing-ip": {`
			`"description": "Resource records returns by the rogue DNS",`
			`"misp-attribute": "ip-dst",`
			`"ui-priority": 1`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`},`
			`"rogue-dns": {`
			`"description": "IP address of the rogue DNS",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "ip-dst",`
			`"ui-priority": 0`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`},`
			`"status": {`
			`"description": "How many authoritative DNS answers were received at the Passive DNS Server's collectors with exactly the given set of values as answers.",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"disable_correlation": true,`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`"misp-attribute": "text",`
			`"sane_default": [`
			`"ROGUE DNS",`
			`"Unknown"`
			`],`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"timestamp": {`
			`"description": "Last time that the rogue DNS value was seen.",`
			`"disable_correlation": true,`
			`"misp-attribute": "datetime",`
			`"ui-priority": 0`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`}`
			`},`
			`"description": "Rogue DNS as defined by CERT.br",`
			`"meta-category": "network",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"name": "rogue-dns",`
			`"required": [`
			`"rogue-dns"`
			`],`
chg: [rogue-dns] new object template expressing rogue dns Thanks to CERT.br for the contribution 2019-06-18 17:38:45 +02:00			`"uuid": "b7e7859b-6872-4fd2-ac49-f66ccb904505",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"version": 1`
			`}`