new: [exploit] Exploit object template to describe code or program used

to exploit specific vulnerabilities. The objet can be linked to `vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00 · 2022-09-26 07:40:11 +02:00 · 35df5bad01
parent 3cf9307b24
commit 35df5bad01
1 changed files with 91 additions and 0 deletions
--- a/objects/exploit/definition.json
+++ b/objects/exploit/definition.json
@ -0,0 +1,91 @@
+{
+  "attributes": {
+    "0day-today-id": {
+      "description": "Reference to the 0day.today referencing this exploit.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "accessibility": {
+      "description": "Accessibility of the exploit.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "values_list": [
+        "Unknown",
+        "Public",
+        "Limited",
+        "Paid"
+      ]
+    },
+    "comment": {
+      "description": "Comment associated to the exploit.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "credit": {
+      "description": "Credit(s) for the exploit (such as author, distributor or original source).",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cve-id": {
+      "description": "Reference to the CVE value targeted by the exploit.",
+      "misp-attribute": "vulnerability",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "exploit": {
+      "description": "Free text of the exploit.",
+      "misp-attribute": "text",
+      "ui-priority": 10
+    },
+    "exploit-as-attachment": {
+      "description": "Attachment of the exploit.",
+      "misp-attribute": "attachment",
+      "ui-priority": 10
+    },
+    "exploitdb-id": {
+      "description": "Reference to the ExploitDB referencing this exploit.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "filename": {
+      "description": "Filename used for the exploit.",
+      "disable_correlation": true,
+      "misp-attribute": "filename",
+      "multiple": true,
+      "ui-priority": 8
+    },
+    "level": {
+      "description": "Level of the exploit.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "values_list": [
+        "Unknown",
+        "Proof-of-Concept",
+        "Functional",
+        "Production-ready"
+      ]
+    },
+    "reference": {
+      "description": "Reference to the exploit.",
+      "disable_correlation": true,
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Exploit object describes a program in binary or source code form used to abuse one or more vulnerabilities.",
+  "meta-category": "misc",
+  "name": "exploit",
+  "requiredOneOf": [
+    "exploit",
+    "filename",
+    "exploit-as-attachment"
+  ],
+  "uuid": "611a25d5-d8aa-4dde-b9c8-c084e786ebf3",
+  "version": 1
+}