abuse_malware-attack_0.1.0.json
{
"description":"A report of an abusive attack carried out by malware",
"type":"object",
"properties":{
"Reported-From":{
"type":"string",
"format":"email"
},
"Report-ID":{
"type":"string",
"format":"email"
},
"Category":{
"type":"string",
"enum":["abuse"]
},
"Report-Type":{
"description":"This field follows - in brief - the overall description above",
"type":"string",
"enum":["malware-attack"]
},
"Destination-System":{
"description":"This field describes - more or less exactly - the targeted system which provides the evidence laid down in this report",
"type":"string",
"enum":["real-world","honeypot","spamtrap","honeyd","nepenthes"],
"optional":true
},
"User-Agent":{
"description":"This field describes the software which generated this report email; this is not necessarily the software used on the targeted system",
"type":"string"
},
"Date":{
"type":"string",
"format":"date-time"
},
"Source":{
"description":"This field describes the source-ip of the infection, no matter how the attack was carried out",
"type":"string"
},
"Source-Type":{
"type":"string",
"enum":["ipv4","ipv6","ip-address"]
},
"Download-Link":{
"type":"string",
"format":"uri",
"optional":true
},
"Malware-MD5":{
"type":"string",
"optional":true
},
"Antivirus-Result":{
"type":"string",
"optional":true
},
"Antivirus-Vendor":{
"type":"string",
"optional":true,
"requires":"Antivirus-Result"
},
"Attachment":{
"description":"An attachment should provide information about how and from where the malware infection took place, if this is not already evident from the YAML report information",
"type":"string",
"enum":["NO","text/plain", "message/rfc822"]
},
"Schema-URL":{
"type":"string",
"format":"uri"
}
}
}