From 7518752dff9730f5d6f2e5bdbdebd8259b48eb00 Mon Sep 17 00:00:00 2001
From: David Cruciani
Date: Mon, 16 Jan 2023 07:48:03 +0100
Subject: [PATCH] add: [object] typosquatting-finder
---
.../definition.json | 89 +++++++++++++++++++
objects/typosquatting-finder/definition.json | 37 ++++++++
2 files changed, 126 insertions(+)
create mode 100644 objects/typosquatting-finder-result/definition.json
create mode 100644 objects/typosquatting-finder/definition.json
diff --git a/objects/typosquatting-finder-result/definition.json b/objects/typosquatting-finder-result/definition.json
new file mode 100644
index 0000000..e80b1bd
--- /dev/null
+++ b/objects/typosquatting-finder-result/definition.json
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "queried-domain": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain name",
+ "misp-attribute": "domain",
+ "ui-priority": 1
+ },
+ "a-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "IPv4 address associated with A record",
+ "misp-attribute": "ip-dst",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "aaaa-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "IPv6 address associated with AAAA record",
+ "misp-attribute": "ip-dst",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "mx-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with MX record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "ns-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with NS record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "website-title": {
+ "description": "Website's title of the current queried domain",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "website-similarity": {
+ "description": "Similarity between website of both research and current variations domain",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "website-ressource-diff": {
+ "description": "Difference of website's ressources between both, research and current variations domain",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "ratio-similarity": {
+ "description": "Similarity probability",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ }
+ },
+ "description": "Typosquatting result",
+ "meta-category": "network",
+ "name": "typosquatting-finder-result",
+ "required": [
+ "queried-domain"
+ ],
+ "uuid": "22151d90-b39b-498c-86c7-126ddd2e1a55",
+ "version": 1
+ }
\ No newline at end of file
diff --git a/objects/typosquatting-finder/definition.json b/objects/typosquatting-finder/definition.json
new file mode 100644
index 0000000..72bad72
--- /dev/null
+++ b/objects/typosquatting-finder/definition.json
@@ -0,0 +1,37 @@
+{
+ "attributes": {
+ "research-domain": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Research domain name",
+ "disable_correlation": false,
+ "misp-attribute": "domain",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "variations-number": {
+ "description": "Number of variations for the research domain.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ },
+ "variations-found-number": {
+ "description": "Number of variations for the research domain that some info is found.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "recommended": false,
+ "ui-priority": 1
+ }
+ },
+ "description": "Typosquatting info",
+ "meta-category": "network",
+ "name": "typosquatting-finder",
+ "required": [
+ "research-domain"
+ ],
+ "uuid": "3414fbe7-6f8c-4ed5-bc51-9a11a3a29822",
+ "version": 1
+}
\ No newline at end of file
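Review bot: In objects/typosquatting-finder-result/definition.json, `ns-record` and `mx-record` are typed `domain` and `a-record`/`aaaa-record` are typed `ip-dst`, all without `disable_correlation`, so lookalike domains parked on shared registrar name servers, mail providers or hosting IPs will correlate with unrelated events and, if the instance applies its default IDS flag to these types, may be exported as detection indicators. Consider adding `"disable_correlation": true` to at least `ns-record` and `mx-record`, and stating in the descriptions that these values are enrichment context for the queried variation rather than confirmed indicators. Separately, `website-ressource-diff` misspells "resource" in both the key and its description; an attribute name is hard to change once the template is in use, so it is worth fixing while the object is still at version 1. `ratio-similarity` holds a number but is typed `text`; `float` would let consumers filter on it.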
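Review bot: `research-domain` in objects/typosquatting-finder/definition.json is the legitimate domain being monitored, yet it is typed `domain` with `"disable_correlation": false`, so it presumably receives the same correlation and IDS defaults as a malicious domain would. The description should say that this is the reference domain and not an indicator, e.g. `"description": "Legitimate domain for which typosquatting variations were searched (not an indicator)"`, and the attribute should be kept out of detection exports where the template format allows it. `variations-number` and `variations-found-number` are counts stored as `text`; the `counter` attribute type fits them better.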