Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch

2023-07-25 14:46:20 +02:00 · 2023-07-25 14:46:20 +02:00 · fb801871bf
parent 2b7d563439 5a14e15dd4
commit fb801871bf
4 changed files with 117 additions and 1 deletions
--- a/objects/abuseipdb/definition.json
+++ b/objects/abuseipdb/definition.json
@ -0,0 +1,34 @@
+{
+  "attributes": {
+    "abuse-confidence-score": {
+      "description": "Rating (0-100) of how confident AbuseIPDB is that an IP address is entirely malicious",
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "is-malicious": {
+      "description": "If the IP is malicious based on the abuse-confidence-score and threshold",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "is-public": {
+      "description": "If an IP is public",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "is-tor": {
+      "description": "If Tor (The Onion Router) was used",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "is-whitelisted": {
+      "description": "If an IP is spotted in any of AbuseIPDB's whitelists",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    }
+  },
+  "description": "AbuseIPDB checks an ip address, domain name, or subnet against a central blacklist",
+  "meta-category": "network",
+  "name": "abuseipdb",
+  "uuid": "cccdaaf6-c140-461c-8d1c-aa79bbd029e0",
+  "version": 1
+}
--- a/objects/google-safe-browsing/definition.json
+++ b/objects/google-safe-browsing/definition.json
@ -0,0 +1,24 @@
+{
+  "attributes": {
+    "malicious": {
+      "description": "If the URL comes back as malicious",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "platforms": {
+      "description": "The platform identified (windows, linux, etc...)",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "threats": {
+      "description": "The threat type related to that URL (malware, social engineering, etc...)",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "Google Safe checks a URL against Google's constantly updated list of unsafe web resources.",
+  "meta-category": "network",
+  "name": "google-safe-browsing",
+  "uuid": "1f8af312-dfbb-4572-b894-dabe7c8798d8",
+  "version": 1
+}
--- a/objects/hhhash/definition.json
+++ b/objects/hhhash/definition.json
@ -0,0 +1,48 @@
+{
+  "attributes": {
+    "comment": {
+      "description": "A description of the HHHash object.",
+      "misp-attribute": "comment",
+      "ui-priority": 0
+    },
+    "hhhash": {
+      "description": "HHHash hash in format hhh:version:hash_value",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "hhhash-headers": {
+      "description": "HHHash value before being hash in the format each header is separated by a :.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "hhhash-query-headers": {
+      "description": "Set of headers used for the query in the format where each header is separated by a : .",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "hhhash-tool": {
+      "description": "HHHash crawling infrastructure or tool used to produce the HHHash value. ",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "python-hhhash",
+        "c-hhhash",
+        "go-hhhash",
+        "r-hhhash",
+        "lacus",
+        "Common Crawl",
+        "other"
+      ],
+      "ui-priority": 0
+    }
+  },
+  "description": "An object describing a HHHash object with the hash value along with the crawling parameters. For more information: https://www.foo.be/2023/07/HTTP-Headers-Hashing_HHHash",
+  "meta-category": "misc",
+  "name": "hhhash",
+  "requiredOneOf": [
+    "hhhash"
+  ],
+  "uuid": "4dbcde93-a4e0-4bee-913c-0988b5259d14",
+  "version": 1
+}
--- a/objects/ja3s/definition.json
+++ b/objects/ja3s/definition.json
@ -5,12 +5,22 @@
      "misp-attribute": "text",
      "ui-priority": 1
    },
+    "domain": {
+      "description": "Destination domain",
+      "misp-attribute": "domain",
+      "ui-priority": 1
+    },
    "first-seen": {
      "description": "First seen of the SSL/TLS handshake",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
+    "hostname": {
+      "description": "Destination hostname",
+      "misp-attribute": "hostname",
+      "ui-priority": 1
+    },
    "ip-dst": {
      "description": "Destination IP address",
      "misp-attribute": "ip-dst",
@ -46,5 +56,5 @@
    "ja3s-fingerprint-md5"
  ],
  "uuid": "7f377f66-d128-4b97-897f-592d06ba2ff7",
-  "version": 4
+  "version": 5
 }