mirror of https://github.com/MISP/misp-objects
Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch
commit
fb801871bf
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
"abuse-confidence-score": {
|
||||||
|
"description": "Rating (0-100) of how confident AbuseIPDB is that an IP address is entirely malicious",
|
||||||
|
"misp-attribute": "counter",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"is-malicious": {
|
||||||
|
"description": "If the IP is malicious based on the abuse-confidence-score and threshold",
|
||||||
|
"misp-attribute": "boolean",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"is-public": {
|
||||||
|
"description": "If an IP is public",
|
||||||
|
"misp-attribute": "boolean",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"is-tor": {
|
||||||
|
"description": "If Tor (The Onion Router) was used",
|
||||||
|
"misp-attribute": "boolean",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"is-whitelisted": {
|
||||||
|
"description": "If an IP is spotted in any of AbuseIPDB's whitelists",
|
||||||
|
"misp-attribute": "boolean",
|
||||||
|
"ui-priority": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"description": "AbuseIPDB checks an ip address, domain name, or subnet against a central blacklist",
|
||||||
|
"meta-category": "network",
|
||||||
|
"name": "abuseipdb",
|
||||||
|
"uuid": "cccdaaf6-c140-461c-8d1c-aa79bbd029e0",
|
||||||
|
"version": 1
|
||||||
|
}
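Review bot: `is-malicious` is described as derived from the abuse-confidence-score "and threshold", but the template has no attribute that records the threshold, so a recipient of the shared object cannot tell which cutoff produced the verdict. Consider adding a `threshold` attribute of type `counter`, or stating the cutoff in the `is-malicious` description. The template also declares no `requiredOneOf`, so as written an instance carrying only `is-public` appears acceptable; `"requiredOneOf": ["abuse-confidence-score"]` would tie every instance to the raw score. No attribute holds the IP address that was checked, so the verdict only means something when the object is linked to that IP by a reference, which the top-level description should say.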
|
|
@ -0,0 +1,24 @@
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
"malicious": {
|
||||||
|
"description": "If the URL comes back as malicious",
|
||||||
|
"misp-attribute": "boolean",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"platforms": {
|
||||||
|
"description": "The platform identified (windows, linux, etc...)",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"threats": {
|
||||||
|
"description": "The threat type related to that URL (malware, social engineering, etc...)",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"description": "Google Safe checks a URL against Google's constantly updated list of unsafe web resources.",
|
||||||
|
"meta-category": "network",
|
||||||
|
"name": "google-safe-browsing",
|
||||||
|
"uuid": "1f8af312-dfbb-4572-b894-dabe7c8798d8",
|
||||||
|
"version": 1
|
||||||
|
}
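Review bot: `platforms` and `threats` are free `text` attributes whose descriptions give generic labels as examples ("windows", "linux", "malware"), and neither sets `"disable_correlation": true`, so objects sharing a label are likely to correlate with each other regardless of the URL involved. Adding `"disable_correlation": true` to both would keep those correlations from drowning out meaningful ones. The top-level description says "Google Safe checks a URL", while the service named in `name` is Google Safe Browsing. The template has no attribute for the URL that was checked, and the verdict is named `malicious` here where the AbuseIPDB template in the same commit uses `is-malicious`.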
|
|
@ -0,0 +1,48 @@
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
"comment": {
|
||||||
|
"description": "A description of the HHHash object.",
|
||||||
|
"misp-attribute": "comment",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"hhhash": {
|
||||||
|
"description": "HHHash hash in format hhh:version:hash_value",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"hhhash-headers": {
|
||||||
|
"description": "HHHash value before being hash in the format each header is separated by a :.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"hhhash-query-headers": {
|
||||||
|
"description": "Set of headers used for the query in the format where each header is separated by a : .",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"hhhash-tool": {
|
||||||
|
"description": "HHHash crawling infrastructure or tool used to produce the HHHash value. ",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"python-hhhash",
|
||||||
|
"c-hhhash",
|
||||||
|
"go-hhhash",
|
||||||
|
"r-hhhash",
|
||||||
|
"lacus",
|
||||||
|
"Common Crawl",
|
||||||
|
"other"
|
||||||
|
],
|
||||||
|
"ui-priority": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"description": "An object describing a HHHash object with the hash value along with the crawling parameters. For more information: https://www.foo.be/2023/07/HTTP-Headers-Hashing_HHHash",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"name": "hhhash",
|
||||||
|
"requiredOneOf": [
|
||||||
|
"hhhash"
|
||||||
|
],
|
||||||
|
"uuid": "4dbcde93-a4e0-4bee-913c-0988b5259d14",
|
||||||
|
"version": 1
|
||||||
|
}
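Review bot: `hhhash` and `hhhash-headers` are both correlatable `text` attributes, and going by its description `hhhash-headers` is the input the hash is computed from, so two objects that match on one should match on the other and produce a duplicate correlation. If that is not intended, `"disable_correlation": true` on `hhhash-headers` would leave the hash as the single pivot. The `hhhash-headers` description is hard to parse; something like `"Header list before hashing, with each header separated by a ':'"` says the same thing. The `hhhash-tool` description ends with a trailing space, and `"Common Crawl"` is the only `sane_default` entry with capitals and a space.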
|
|
@ -5,12 +5,22 @@
|
||||||
"misp-attribute": "text",
|
"misp-attribute": "text",
|
||||||
"ui-priority": 1
|
"ui-priority": 1
|
||||||
},
|
},
|
||||||
|
"domain": {
|
||||||
|
"description": "Destination domain",
|
||||||
|
"misp-attribute": "domain",
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
"first-seen": {
|
"first-seen": {
|
||||||
"description": "First seen of the SSL/TLS handshake",
|
"description": "First seen of the SSL/TLS handshake",
|
||||||
"disable_correlation": true,
|
"disable_correlation": true,
|
||||||
"misp-attribute": "datetime",
|
"misp-attribute": "datetime",
|
||||||
"ui-priority": 0
|
"ui-priority": 0
|
||||||
},
|
},
|
||||||
|
"hostname": {
|
||||||
|
"description": "Destination hostname",
|
||||||
|
"misp-attribute": "hostname",
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
"ip-dst": {
|
"ip-dst": {
|
||||||
"description": "Destination IP address",
|
"description": "Destination IP address",
|
||||||
"misp-attribute": "ip-dst",
|
"misp-attribute": "ip-dst",
|
||||||
|
@ -46,5 +56,5 @@
|
||||||
"ja3s-fingerprint-md5"
|
"ja3s-fingerprint-md5"
|
||||||
],
|
],
|
||||||
"uuid": "7f377f66-d128-4b97-897f-592d06ba2ff7",
|
"uuid": "7f377f66-d128-4b97-897f-592d06ba2ff7",
|
||||||
"version": 4
|
"version": 5
|
||||||
}
|
}
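Review bot: The new `domain` and `hostname` attributes in the first hunk are described only as "Destination domain" and "Destination hostname", which does not say whether the value is the server name seen in the handshake or a name resolved for `ip-dst` afterwards. The two carry different evidential weight when an analyst pivots from a fingerprint to infrastructure, so the description should name the source, for example `"Destination hostname (as observed in the TLS handshake)"` if that is the intent. Both attributes correlate by default, which may be noisy for shared-hosting or CDN names; whether that is acceptable is worth a deliberate decision. The `attributes` object and the `requiredOneOf` list both start outside the visible hunks.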
|