-
Notifications
You must be signed in to change notification settings - Fork 2
/
abuse_bot-infection_unstable.json
87 lines (87 loc) · 2.34 KB
/
abuse_bot-infection_unstable.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{
"description":"A report for systems which are infected with a bot",
"type":"object",
"properties":{
"Reported-From":{
"type":"string",
"format":"email"
},
"Report-ID":{
"type":"string",
"format":"email"
},
"Category":{
"type":"string",
"enum":["abuse"]
},
"Report-Type":{
"type":"string",
"enum":["bot-infection"]
},
"Destination":{
"type":"string",
"optional":true,
"requires":"Destination-Type"
},
"Destination-Type":{
"type":"string",
"enum":["ipv4","ipv6","ip-address"],
"optional":true
},
"User-Agent":{
"description":"This field describes the software which generated this report email, this is not necessarily software used on the targeted system",
"type":"string"
},
"Date":{
"type":"string",
"format":"date-time"
},
"Source":{
"description":"This field describes the source-ip where the bot infection is hosted",
"type":"string"
},
"Source-Type":{
"type":"string",
"enum":["ipv4","ipv6","ip-address"]
},
"Source-Port":{
"description":"This field describes the source-port from which the bot infected host communicated",
"type":"integer",
"optional":true
},
"Feedback-Link":{
"description":"May provide a feedback link for the receiver",
"type":"string",
"format":"uri",
"optional":true
},
"Bot-Name":{
"type":"string"
},
"Malware-MD5":{
"type":"string",
"optional":true
},
"Attachment":{
"type":"string",
"enum":["none","text/plain"]
},
"Schema-URL":{
"type":"string",
"format":"uri"
},
"Version":{
"type":"number",
"optional":true
},
"Occurrences":{
"type":"integer",
"optional":true
},
"TLP":{
"type":"string",
"enum":["white","green","amber","red"],
"optional":true
}
}
}