A cookie object has been added.

An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The object includes type which can help to describe the malicious use-case of the cookie.
2017-08-03 12:15:26 +02:00 · 2017-08-03 12:15:26 +02:00 · 113eb9e5a0
parent 08e5ebe995
commit 113eb9e5a0
2 changed files with 44 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -64,6 +64,7 @@ for a specific attribute.
 ## Existing MISP objects

 * [objects/ail-leak](objects/ail-leak/definition.json) -  information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework).
+* [objects/cookie](objects/cookie/definition.json) - A cookie object describes an HTTP cookie including its use in malicious cases.
 * [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
 * [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
 * [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).
--- a/objects/cookie/definition.json
+++ b/objects/cookie/definition.json
@ -0,0 +1,43 @@
+{
+  "required": [
+    "cookie"
+  ],
+  "attributes": {
+    "cookie": {
+      "ui-priority": 1,
+      "misp-attribute": "cookie"
+    },
+    "cookie-name": {
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "cookie-value": {
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "text": {
+      "description": "A description of the cookie.",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "type": {
+      "sane_default": [
+        "Session management",
+        "Personalization",
+        "Tracking",
+        "Exfiltration",
+        "Malicious Payload",
+        "Beaconing"
+      ],
+      "description": "Type of cookie and how it's used in this specific object.",
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    }
+  },
+  "version": 1,
+  "description": "An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.",
+  "meta-category": "network",
+  "uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
+  "name": "cookie"
+}