forked from xarf/xarf-schemata
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathabuse_bot-infection_0.2.0_unstable.json
116 lines (116 loc) · 3.09 KB
/
abuse_bot-infection_0.2.0_unstable.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
{
"description":"A report for systems which are infected with a bot",
"type":"object",
"properties":{
"Reported-From":{
"type":"string",
"format":"email"
},
"Report-ID":{
"type":"string",
"format":"email"
},
"User-Agent":{
"description":"This field describes the software which generated this report email, this is not necessarily software used on the targeted system",
"type":"string"
},
"Category":{
"type":"string",
"enum":["abuse"]
},
"Report-Type":{
"type":"string",
"enum":["bot-infection"]
},
"Date":{
"type":"string",
"format":"date-time"
},
"Destination":{
"type":"string",
"optional":true,
"requires":"Destination-Type"
},
"Destination-Type":{
"type":"string",
"enum":["ipv4","ipv6","ip-address"],
"optional":true
},
"Destination-Port":{
"type":"integer",
"optional":true
},
"Destination-ASN":{
"type": "integer",
"optional": true
},
"Source":{
"description":"This field describes the source-ip where the bot infection is hosted",
"type":"string"
},
"Source-Type":{
"type":"string",
"enum":["ipv4","ipv6","ip-address"]
},
"Source-Port":{
"description":"This field describes the source-port from which the bot infected host communicated",
"type":"integer",
"optional":true
},
"Source-ASN":{
"type": "integer",
"optional": true
},
"Transport-Protocol":{
"type": "string",
"optional": true
},
"Classification-Taxonomy": {
"type": "string",
"optional": true
},
"Classification-Type": {
"type": "string",
"optional": true
},
"Classification-Identifier": {
"type": "string",
"optional": true
},
"Malware-Name":{
"type":"string",
"optional": true
},
"Malware-MD5":{
"type":"string",
"optional":true
},
"Feedback-Link":{
"description":"May provide a feedback link for the receiver",
"type":"string",
"format":"uri",
"optional":true
},
"Attachment":{
"type":"string",
"enum":["none","text/plain"]
},
"Schema-URL":{
"type":"string",
"format":"uri"
},
"Version":{
"type":"number",
"optional":true
},
"Occurrences":{
"type":"integer",
"optional":true
},
"TLP":{
"type":"string",
"enum":["white","green","amber","red"],
"optional":true
}
}
}