mirror of https://github.com/MISP/misp-objects
Merge branch 'main' of github.com:MISP/misp-objects
commit
7006ed94cc
|
@ -283,6 +283,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
|
||||||
- [objects/irc](https://github.com/MISP/misp-objects/blob/main/objects/irc/definition.json) - An IRC object to describe an IRC server and the associated channels.
|
- [objects/irc](https://github.com/MISP/misp-objects/blob/main/objects/irc/definition.json) - An IRC object to describe an IRC server and the associated channels.
|
||||||
- [objects/ja3](https://github.com/MISP/misp-objects/blob/main/objects/ja3/definition.json) - JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3.
|
- [objects/ja3](https://github.com/MISP/misp-objects/blob/main/objects/ja3/definition.json) - JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3.
|
||||||
- [objects/ja3s](https://github.com/MISP/misp-objects/blob/main/objects/ja3s/definition.json) - JA3S is JA3 for the Server side of the SSL/TLS communication and fingerprints how servers respond to particular clients. JA3S fingerprints are composed of Server Hello packet; SSL Version, Cipher, SSLExtensions. https://github.com/salesforce/ja3.
|
- [objects/ja3s](https://github.com/MISP/misp-objects/blob/main/objects/ja3s/definition.json) - JA3S is JA3 for the Server side of the SSL/TLS communication and fingerprints how servers respond to particular clients. JA3S fingerprints are composed of Server Hello packet; SSL Version, Cipher, SSLExtensions. https://github.com/salesforce/ja3.
|
||||||
|
- [objects/ja4-plus](https://github.com/MISP/misp-objects/blob/main/objects/ja4-plus/definition.json) - JA4 is a technique for creating network fingerprints that are easy to produce and can be easily shared for threat intelligence. https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/README.md.
|
||||||
- [objects/jarm](https://github.com/MISP/misp-objects/blob/main/objects/jarm/definition.json) - Jarm object to describe an TLS/SSL implementation used for malicious or legitimate use-case.
|
- [objects/jarm](https://github.com/MISP/misp-objects/blob/main/objects/jarm/definition.json) - Jarm object to describe an TLS/SSL implementation used for malicious or legitimate use-case.
|
||||||
- [objects/keybase-account](https://github.com/MISP/misp-objects/blob/main/objects/keybase-account/definition.json) - Information related to a keybase account, from API Users Object.
|
- [objects/keybase-account](https://github.com/MISP/misp-objects/blob/main/objects/keybase-account/definition.json) - Information related to a keybase account, from API Users Object.
|
||||||
- [objects/language-content](https://github.com/MISP/misp-objects/blob/main/objects/language-content/definition.json) - The Language Content object represents text content for objects represented in languages other than that of the original object. Language content may be a translation of the original object by a third-party, a first-source translation by the original publisher, or additional official language content provided at the time of creation. STIX 2.1 ref 7.1.
|
- [objects/language-content](https://github.com/MISP/misp-objects/blob/main/objects/language-content/definition.json) - The Language Content object represents text content for objects represented in languages other than that of the original object. Language content may be a translation of the original object by a third-party, a first-source translation by the original publisher, or additional official language content provided at the time of creation. STIX 2.1 ref 7.1.
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
"description": {
|
||||||
|
"description": "Description of the JA4+ fingerprint including scope, collection or specific notes which could help an analyst to reproduce the calculation.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
|
"ip-src": {
|
||||||
|
"description": "IP address related to this JA4+ fingerprint.",
|
||||||
|
"misp-attribute": "ip-src",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
|
"ja4-fingerprint": {
|
||||||
|
"description": "A JA4+ fingerprint as defined by the JA4+ standard in textual format.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
|
"ja4-type": {
|
||||||
|
"description": "One of the JA4+ type expressed as short name.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"JA4",
|
||||||
|
"JA4S",
|
||||||
|
"JA4H",
|
||||||
|
"JA4L",
|
||||||
|
"JA4X",
|
||||||
|
"JA4SSH",
|
||||||
|
"JA4T",
|
||||||
|
"JA4TS",
|
||||||
|
"JA4TScan"
|
||||||
|
],
|
||||||
|
"ui-priority": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"description": "JA4 is a technique for creating network fingerprints that are easy to produce and can be easily shared for threat intelligence. https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/README.md",
|
||||||
|
"meta-category": "network",
|
||||||
|
"name": "ja4-plus",
|
||||||
|
"required": [
|
||||||
|
"ja4-fingerprint",
|
||||||
|
"ja4-type"
|
||||||
|
],
|
||||||
|
"uuid": "2c15c75e-e7db-4b62-8d17-633e7571818f",
|
||||||
|
"version": 2
|
||||||
|
}
|
|
@ -14,6 +14,12 @@
|
||||||
"misp-attribute": "text",
|
"misp-attribute": "text",
|
||||||
"ui-priority": 1
|
"ui-priority": 1
|
||||||
},
|
},
|
||||||
|
"ip": {
|
||||||
|
"description": "IP address of the phishing website",
|
||||||
|
"misp-attribute": "ip-dst",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
"online": {
|
"online": {
|
||||||
"description": "If the phishing is online and operational, by default is yes",
|
"description": "If the phishing is online and operational, by default is yes",
|
||||||
"disable_correlation": true,
|
"disable_correlation": true,
|
||||||
|
@ -113,5 +119,5 @@
|
||||||
"url"
|
"url"
|
||||||
],
|
],
|
||||||
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
|
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
|
||||||
"version": 6
|
"version": 7
|
||||||
}
|
}
|
Loading…
Reference in New Issue