chg: [device] added hits, status and infection_type (from ShadowServer)

- request for VarIOT project
pull/334/head
Alexandre Dulaunoy 2021-10-25 15:52:34 +02:00
parent 960a03be22
commit dcc9e4c8be
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 285 additions and 1 deletions


@ -57,6 +57,279 @@
"multiple": true,
"ui-priority": 0
},
"hits": {
"description": "Number of hits for the device",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"infection_type": {
"description": "Type of infection if the device is in Infected status",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"android_spams",
"android.bakdoor.prizmes",
"android.bankbot",
"android.banker.anubis",
"android.bankspy",
"android.cliaid",
"android.darksilent",
"android.fakeav",
"android.fakebank",
"android.fakedoc",
"android.fakeinst",
"android.fakemart",
"android.faketoken",
"android.fobus",
"android.fungram",
"android.geost",
"android.gopl",
"android.hiddad",
"android.hqwar",
"android.hummer",
"android.infosteal",
"android.iop",
"android.lockdroid",
"android.milipnot",
"android.nitmo",
"android.opfake",
"android.premiumtext",
"android.provar",
"android.pwstealer",
"android.rootnik",
"android.skyfin",
"android.smsbot",
"android.smssilence",
"android.smsspy",
"android.smsspy.be24",
"android.sssaaa",
"android.teleplus",
"android.uupay",
"android.voxv",
"avalanche-andromeda",
"banatrix",
"bankpatch",
"bebloh",
"bedep",
"betabot",
"bitcoinminer",
"blackbeard",
"blakamba",
"boinberg",
"buhtrap",
"caphaw",
"carberp",
"chafer",
"changeup",
"chinad",
"citadel",
"cobint",
"coinminer",
"conficker",
"cryptowall",
"cutwail",
"cycbot",
"diaminer",
"dimnie",
"dipverdle",
"dircrypt",
"dirtjumper",
"disorderstatus",
"dmsniff",
"dofoil",
"domreg",
"dorkbot",
"dorkbot-ssl",
"dresscode",
"dybalom",
"ek.fallout",
"emoted",
"emotet",
"esfury",
"expiro",
"exploitkit.fallout",
"extenbro",
"fake_cs_updater",
"fakerean",
"fallout.exploitkit",
"fast-flux",
"fast-flux-double",
"fast-flux;fast-flux-double",
"fleercivet",
"fobber",
"foxbantrix",
"foxbantrix-unknown",
"generic.malware",
"geodo",
"gonderici",
"gootkit",
"gozi",
"gspy",
"gtfobot",
"hancitor",
"harnig",
"htm5player.vast",
"ibanking",
"icedid",
"infected",
"iotreaper",
"ip-spoofer",
"ircbot",
"isfb",
"jadtre",
"jdk-update-apt",
"js.worm.bondat",
"junk-domains",
"kasidet",
"kbot",
"kelihos",
"kelihos.e",
"keylogger",
"keylogger-ftp",
"keylogger-vbklip",
"kidminer",
"kingminer",
"koobface",
"kraken",
"kronos",
"kwampirs",
"lethic",
"linux.backdoor.setag",
"linux.ngioweb",
"litemanager",
"loader",
"locky",
"loki",
"lokibot",
"luminositylink",
"lurkbanker",
"madominer",
"magecart",
"maliciouswebsites",
"malvertising.doubleclick",
"malwaretom",
"marcher",
"matrix",
"matsnu",
"menupass",
"mewsspy",
"miner.monero",
"minr",
"mirai",
"mix2",
"mkero",
"monero",
"mozi",
"muddywater",
"murofet",
"mysafeproxymonitor",
"nametrick",
"necurs",
"netsupport",
"nettraveler",
"neurevt",
"nitol",
"nivdort",
"nukebot",
"null",
"nymaim",
"nymain",
"osx.fakeflash",
"palevo",
"pawnstorm",
"phishing",
"phishing.cobalt",
"phishing.cobalt_dickens",
"phorpiex",
"pitou",
"plasma-tomas",
"ponmocup",
"pony",
"poseidon",
"powerstats",
"proxyback",
"pushdo",
"pws.pony",
"pykspa",
"qadars",
"qakbot",
"qqblack",
"qrypter.rat",
"qsnatch",
"racoon",
"ramdo",
"ramnit",
"ranbyus",
"ransom.cerber",
"ransomware",
"ransomware.shade",
"rat.vermin",
"renocide",
"revil",
"rodecap",
"sality",
"sality-p2p",
"servhelper",
"sgminer",
"shifu",
"shiz",
"sinowal",
"sisron",
"sodinokibi",
"spam",
"sphinx",
"spyeye",
"ssh-brute-force",
"ssl",
"ssl-az7",
"ssl-unknown-bot-test",
"ssl-vmzeus",
"stantinko",
"tdss",
"teleru",
"telnet-brute-force",
"tinba",
"tinba-dga",
"trickbot",
"triton",
"trojan.click3",
"trojan.fakeav",
"trojan.includer",
"trojan.win32.razy.gen",
"unknown",
"unknown-bot-test",
"valak",
"vawtrak",
"vbklip",
"verst",
"victorygate.a",
"victorygate.b",
"victorygate.c",
"virut",
"vmzeus",
"vobfus",
"volatile_cedar",
"vpnfilter_stage3",
"wannacrypt",
"wauchos",
"webminer.cdn",
"win.neurevt",
"worm.kasidet",
"worm.phorpiex",
"wowlik",
"wrokni",
"xbash",
"xmrminer",
"xpaj",
"xshellghost",
"yoddos",
"zeus",
"zeus_gameover",
"zeus_panda",
"zloader"
]
},
"ip-address": {
"description": "Device IP address",
"misp-attribute": "ip-src",
@ -68,6 +341,17 @@
"misp-attribute": "text",
"ui-priority": 101
},
"status": {
"description": "Status of the device",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Infected",
"Exposed",
"Unknown",
"Clean"
]
},
"version": {
"description": "Version of the device/ OS",
"disable_correlation": true,
@ -83,5 +367,5 @@
"alias"
],
"uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
"version": 7
"version": 9
}
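Review bot: The `sane_default` list of the new `infection_type` attribute carries `"null"` and the semicolon-joined `"fast-flux;fast-flux-double"`, which read as artifacts of the upstream export rather than infection types an analyst should be offered: the first looks like a stringified missing value and the second concatenates the two entries listed immediately above it. `"infected"` and `"unknown"` in the same list also overlap with the vocabulary the new `status` attribute in the second hunk introduces, so a single device could be described as `status: Clean` together with `infection_type: infected`. If the list is meant to mirror the ShadowServer vocabulary verbatim, say so in the description so that near-duplicates such as `emoted`/`emotet` and `nymaim`/`nymain` are not "corrected" away later, e.g. `"description": "Type of infection if the device is in Infected status (values as reported by ShadowServer)"`; otherwise drop the two sentinel lines. The enclosing attributes object starts before the first hunk, so any other keys it already defines are not visible here.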