From 113eb9e5a027b5cb00ad42ee87fd3f5c4d226599 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Thu, 3 Aug 2017 12:15:26 +0200
Subject: [PATCH] A cookie object has been added.

An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
---
 README.md                      |  1 +
 objects/cookie/definition.json | 43 ++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 objects/cookie/definition.json

diff --git a/README.md b/README.md
index 7cf6b58..c83773e 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,7 @@ for a specific attribute.
 ## Existing MISP objects
 
 * [objects/ail-leak](objects/ail-leak/definition.json) -  information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework).
+* [objects/cookie](objects/cookie/definition.json) - A cookie object describes an HTTP cookie including its use in malicious cases.
 * [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
 * [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
 * [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).
diff --git a/objects/cookie/definition.json b/objects/cookie/definition.json
new file mode 100644
index 0000000..bdff9ec
--- /dev/null
+++ b/objects/cookie/definition.json
@@ -0,0 +1,43 @@
+{
+  "required": [
+    "cookie"
+  ],
+  "attributes": {
+    "cookie": {
+      "ui-priority": 1,
+      "misp-attribute": "cookie"
+    },
+    "cookie-name": {
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "cookie-value": {
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "text": {
+      "description": "A description of the cookie.",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "type": {
+      "sane_default": [
+        "Session management",
+        "Personalization",
+        "Tracking",
+        "Exfiltration",
+        "Malicious Payload",
+        "Beaconing"
+      ],
+      "description": "Type of cookie and how it's used in this specific object.",
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    }
+  },
+  "version": 1,
+  "description": "An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.",
+  "meta-category": "network",
+  "uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
+  "name": "cookie"
+}