"""
|
|
|
|
STIX 2.1 open vocabularies and enums
|
|
|
|
"""
# STIX 2.1 ``account-type-ov`` (User Account SCO ``account_type``): one
# constant per suggested value.  Values are exact, case-sensitive strings.
ACCOUNT_TYPE_FACEBOOK = "facebook"
ACCOUNT_TYPE_LDAP = "ldap"
ACCOUNT_TYPE_NIS = "nis"
ACCOUNT_TYPE_OPENID = "openid"
ACCOUNT_TYPE_RADIUS = "radius"
ACCOUNT_TYPE_SKYPE = "skype"
ACCOUNT_TYPE_TACACS = "tacacs"
ACCOUNT_TYPE_TWITTER = "twitter"
ACCOUNT_TYPE_UNIX = "unix"
ACCOUNT_TYPE_WINDOWS_LOCAL = "windows-local"
ACCOUNT_TYPE_WINDOWS_DOMAIN = "windows-domain"

# All ``account-type-ov`` constants above, in definition order.  Open
# vocabulary: the spec permits values outside this list, so a consumer must
# not reject a User Account solely because its type is not listed here.
ACCOUNT_TYPE = [
    ACCOUNT_TYPE_FACEBOOK,
    ACCOUNT_TYPE_LDAP,
    ACCOUNT_TYPE_NIS,
    ACCOUNT_TYPE_OPENID,
    ACCOUNT_TYPE_RADIUS,
    ACCOUNT_TYPE_SKYPE,
    ACCOUNT_TYPE_TACACS,
    ACCOUNT_TYPE_TWITTER,
    ACCOUNT_TYPE_UNIX,
    ACCOUNT_TYPE_WINDOWS_LOCAL,
    ACCOUNT_TYPE_WINDOWS_DOMAIN,
]


# STIX 2.1 ``attack-motivation-ov`` (Threat Actor / Intrusion Set
# ``primary_motivation`` and ``secondary_motivations``).
ATTACK_MOTIVATION_ACCIDENTAL = "accidental"
ATTACK_MOTIVATION_COERCION = "coercion"
ATTACK_MOTIVATION_DOMINANCE = "dominance"
ATTACK_MOTIVATION_IDEOLOGY = "ideology"
ATTACK_MOTIVATION_NOTORIETY = "notoriety"
ATTACK_MOTIVATION_ORGANIZATIONAL_GAIN = "organizational-gain"
ATTACK_MOTIVATION_PERSONAL_GAIN = "personal-gain"
ATTACK_MOTIVATION_PERSONAL_SATISFACTION = "personal-satisfaction"
ATTACK_MOTIVATION_REVENGE = "revenge"
ATTACK_MOTIVATION_UNPREDICTABLE = "unpredictable"

# All ``attack-motivation-ov`` constants above, in definition order.  Open
# vocabulary: other strings are spec-legal.
ATTACK_MOTIVATION = [
    ATTACK_MOTIVATION_ACCIDENTAL,
    ATTACK_MOTIVATION_COERCION,
    ATTACK_MOTIVATION_DOMINANCE,
    ATTACK_MOTIVATION_IDEOLOGY,
    ATTACK_MOTIVATION_NOTORIETY,
    ATTACK_MOTIVATION_ORGANIZATIONAL_GAIN,
    ATTACK_MOTIVATION_PERSONAL_GAIN,
    ATTACK_MOTIVATION_PERSONAL_SATISFACTION,
    ATTACK_MOTIVATION_REVENGE,
    ATTACK_MOTIVATION_UNPREDICTABLE,
]


# STIX 2.1 ``attack-resource-level-ov`` (Threat Actor / Intrusion Set
# ``resource_level``).
ATTACK_RESOURCE_LEVEL_INDIVIDUAL = "individual"
ATTACK_RESOURCE_LEVEL_CLUB = "club"
ATTACK_RESOURCE_LEVEL_CONTEST = "contest"
ATTACK_RESOURCE_LEVEL_TEAM = "team"
ATTACK_RESOURCE_LEVEL_ORGANIZATION = "organization"
ATTACK_RESOURCE_LEVEL_GOVERNMENT = "government"

# All ``attack-resource-level-ov`` constants above, in definition order.
# Open vocabulary.  The order reads as increasing resourcing, but nothing
# here assigns ranks -- do not use list index as an ordinal without
# confirming against the spec's definitions.
ATTACK_RESOURCE_LEVEL = [
    ATTACK_RESOURCE_LEVEL_INDIVIDUAL,
    ATTACK_RESOURCE_LEVEL_CLUB,
    ATTACK_RESOURCE_LEVEL_CONTEST,
    ATTACK_RESOURCE_LEVEL_TEAM,
    ATTACK_RESOURCE_LEVEL_ORGANIZATION,
    ATTACK_RESOURCE_LEVEL_GOVERNMENT,
]


# STIX 2.1 ``encryption-algorithm-enum`` (Artifact SCO
# ``encryption_algorithm``).  AES-256-GCM and ChaCha20-Poly1305 are both
# AEAD constructions, so a payload tagged with either carries its own
# authentication tag.  ``mime-type-indicated`` is the spec's escape hatch:
# the artifact's ``mime_type`` names the encryption instead -- NOTE(review):
# confirm how the Artifact SCO code in this package treats that case.
ENCRYPTION_ALGORITHM_AES_256_GCM = "AES-256-GCM"
ENCRYPTION_ALGORITHM_CHACHA20_POLY1305 = "ChaCha20-Poly1305"
ENCRYPTION_ALGORITHM_MIME_TYPE_INDICATED = "mime-type-indicated"

# All ``encryption-algorithm-enum`` constants above, in definition order.
# Closed enum: per the spec no other value is valid.  Security note: this
# vocabulary names only the cipher; the spec carries the key in the sibling
# ``decryption_key`` property, so an Artifact that ships both in the same
# bundle is readable by anyone holding the bundle.  Treat this as transport
# packaging, not as a confidentiality boundary.
ENCRYPTION_ALGORITHM = [
    ENCRYPTION_ALGORITHM_AES_256_GCM,
    ENCRYPTION_ALGORITHM_CHACHA20_POLY1305,
    ENCRYPTION_ALGORITHM_MIME_TYPE_INDICATED,
]


# STIX 2.1 ``grouping-context-ov`` (Grouping SDO ``context``).
GROUPING_CONTEXT_SUSPICIOUS_ACTIVITY = "suspicious-activity"
GROUPING_CONTEXT_MALWARE_ANALYSIS = "malware-analysis"
GROUPING_CONTEXT_UNSPECIFIED = "unspecified"

# All ``grouping-context-ov`` constants above, in definition order.  Open
# vocabulary; ``unspecified`` is itself a listed value, so an absent context
# and an unspecified one are different things on the wire.
GROUPING_CONTEXT = [
    GROUPING_CONTEXT_SUSPICIOUS_ACTIVITY,
    GROUPING_CONTEXT_MALWARE_ANALYSIS,
    GROUPING_CONTEXT_UNSPECIFIED,
]


# STIX 2.1 ``hash-algorithm-ov``: the dictionary keys used in ``hashes``
# properties (File, Artifact, X.509 certificate and related extensions).
# Keys are case-sensitive -- "SHA-256" and "sha256" are different keys to
# anything that compares against this list.
#
# MD5 and SHA-1 are collision-broken.  They stay here because the spec lists
# them and many feeds still carry only these, but treat a match on either as
# a lookup key, not as proof that two files are identical; prefer SHA-256 or
# stronger when you control the producer.
HASHING_ALGORITHM_MD5 = "MD5"
HASHING_ALGORITHM_SHA_1 = "SHA-1"
HASHING_ALGORITHM_SHA_256 = "SHA-256"
HASHING_ALGORITHM_SHA_512 = "SHA-512"
HASHING_ALGORITHM_SHA3_256 = "SHA3-256"
HASHING_ALGORITHM_SHA3_512 = "SHA3-512"
# SSDEEP and TLSH are similarity digests, not cryptographic hashes: an exact
# match is a strong hint rather than identity, and near-matches are
# meaningful.  Do not feed them to code that assumes hash equality == same
# bytes.
HASHING_ALGORITHM_SSDEEP = "SSDEEP"
HASHING_ALGORITHM_TLSH = "TLSH"

# All ``hash-algorithm-ov`` constants above, in definition order.  Open
# vocabulary: the spec permits other algorithm names as ``hashes`` keys.
HASHING_ALGORITHM = [
    HASHING_ALGORITHM_MD5,
    HASHING_ALGORITHM_SHA_1,
    HASHING_ALGORITHM_SHA_256,
    HASHING_ALGORITHM_SHA_512,
    HASHING_ALGORITHM_SHA3_256,
    HASHING_ALGORITHM_SHA3_512,
    HASHING_ALGORITHM_SSDEEP,
    HASHING_ALGORITHM_TLSH,
]


# STIX 2.1 ``identity-class-ov`` (Identity SDO ``identity_class``).
# ``system`` covers non-human identities (hosts, services); ``class`` is a
# category of entities rather than a specific one.
IDENTITY_CLASS_INDIVIDUAL = "individual"
IDENTITY_CLASS_GROUP = "group"
IDENTITY_CLASS_SYSTEM = "system"
IDENTITY_CLASS_ORGANIZATION = "organization"
IDENTITY_CLASS_CLASS = "class"
IDENTITY_CLASS_UNKNOWN = "unknown"

# All ``identity-class-ov`` constants above, in definition order.  Open
# vocabulary.
IDENTITY_CLASS = [
    IDENTITY_CLASS_INDIVIDUAL,
    IDENTITY_CLASS_GROUP,
    IDENTITY_CLASS_SYSTEM,
    IDENTITY_CLASS_ORGANIZATION,
    IDENTITY_CLASS_CLASS,
    IDENTITY_CLASS_UNKNOWN,
]


# STIX 2.1 ``implementation-language-ov`` (Malware SDO
# ``implementation_languages``).  Values are lower-case; note "c++" and "c#"
# keep their punctuation, so a consumer normalising to identifier-safe
# strings will not round-trip.
IMPLEMENTATION_LANGUAGE_APPLESCRIPT = "applescript"
IMPLEMENTATION_LANGUAGE_BASH = "bash"
IMPLEMENTATION_LANGUAGE_C = "c"
IMPLEMENTATION_LANGUAGE_CPLUSPLUS = "c++"
IMPLEMENTATION_LANGUAGE_CSHARP = "c#"
IMPLEMENTATION_LANGUAGE_GO = "go"
IMPLEMENTATION_LANGUAGE_JAVA = "java"
IMPLEMENTATION_LANGUAGE_JAVASCRIPT = "javascript"
IMPLEMENTATION_LANGUAGE_LUA = "lua"
IMPLEMENTATION_LANGUAGE_OBJECTIVE_C = "objective-c"
IMPLEMENTATION_LANGUAGE_PERL = "perl"
IMPLEMENTATION_LANGUAGE_PHP = "php"
IMPLEMENTATION_LANGUAGE_POWERSHELL = "powershell"
IMPLEMENTATION_LANGUAGE_PYTHON = "python"
IMPLEMENTATION_LANGUAGE_RUBY = "ruby"
IMPLEMENTATION_LANGUAGE_SCALA = "scala"
IMPLEMENTATION_LANGUAGE_SWIFT = "swift"
IMPLEMENTATION_LANGUAGE_TYPESCRIPT = "typescript"
IMPLEMENTATION_LANGUAGE_VISUAL_BASIC = "visual-basic"
# "x86-32" / "x86-64" here mean hand-written assembly.  They are a different
# vocabulary from the processor-architecture one (which uses "x86" and
# "x86-64"), even though "x86-64" is spelled the same in both.
IMPLEMENTATION_LANGUAGE_X86_32 = "x86-32"
IMPLEMENTATION_LANGUAGE_X86_64 = "x86-64"

# All ``implementation-language-ov`` constants above, in definition order.
# Open vocabulary.
IMPLEMENTATION_LANGUAGE = [
    IMPLEMENTATION_LANGUAGE_APPLESCRIPT,
    IMPLEMENTATION_LANGUAGE_BASH,
    IMPLEMENTATION_LANGUAGE_C,
    IMPLEMENTATION_LANGUAGE_CPLUSPLUS,
    IMPLEMENTATION_LANGUAGE_CSHARP,
    IMPLEMENTATION_LANGUAGE_GO,
    IMPLEMENTATION_LANGUAGE_JAVA,
    IMPLEMENTATION_LANGUAGE_JAVASCRIPT,
    IMPLEMENTATION_LANGUAGE_LUA,
    IMPLEMENTATION_LANGUAGE_OBJECTIVE_C,
    IMPLEMENTATION_LANGUAGE_PERL,
    IMPLEMENTATION_LANGUAGE_PHP,
    IMPLEMENTATION_LANGUAGE_POWERSHELL,
    IMPLEMENTATION_LANGUAGE_PYTHON,
    IMPLEMENTATION_LANGUAGE_RUBY,
    IMPLEMENTATION_LANGUAGE_SCALA,
    IMPLEMENTATION_LANGUAGE_SWIFT,
    IMPLEMENTATION_LANGUAGE_TYPESCRIPT,
    IMPLEMENTATION_LANGUAGE_VISUAL_BASIC,
    IMPLEMENTATION_LANGUAGE_X86_32,
    IMPLEMENTATION_LANGUAGE_X86_64,
]


# STIX 2.1 ``indicator-type-ov`` (Indicator SDO ``indicator_types``).
INDICATOR_TYPE_ANOMALOUS_ACTIVITY = "anomalous-activity"
INDICATOR_TYPE_ANONYMIZATION = "anonymization"
INDICATOR_TYPE_BENIGN = "benign"
INDICATOR_TYPE_COMPROMISED = "compromised"
INDICATOR_TYPE_MALICIOUS_ACTIVITY = "malicious-activity"
INDICATOR_TYPE_ATTRIBUTION = "attribution"
INDICATOR_TYPE_UNKNOWN = "unknown"

# All ``indicator-type-ov`` constants above, in definition order.  Open
# vocabulary.  Security note: "benign" and "attribution" are members, so an
# Indicator is not automatically a block-list entry -- anything that feeds
# indicators into enforcement should filter on ``indicator_types`` rather
# than treating every Indicator as hostile.
INDICATOR_TYPE = [
    INDICATOR_TYPE_ANOMALOUS_ACTIVITY,
    INDICATOR_TYPE_ANONYMIZATION,
    INDICATOR_TYPE_BENIGN,
    INDICATOR_TYPE_COMPROMISED,
    INDICATOR_TYPE_MALICIOUS_ACTIVITY,
    INDICATOR_TYPE_ATTRIBUTION,
    INDICATOR_TYPE_UNKNOWN,
]


# STIX 2.1 ``industry-sector-ov`` (Identity SDO ``sectors``).  Some values
# are refinements of others ("government-national" of "government";
# "dams" / "nuclear" / "water" of "infrastructure") but the list is flat --
# no parent/child relation is encoded here.
INDUSTRY_SECTOR_AGRICULTURE = "agriculture"
INDUSTRY_SECTOR_AEROSPACE = "aerospace"
INDUSTRY_SECTOR_AUTOMOTIVE = "automotive"
INDUSTRY_SECTOR_CHEMICAL = "chemical"
INDUSTRY_SECTOR_COMMERCIAL = "commercial"
INDUSTRY_SECTOR_COMMUNICATIONS = "communications"
INDUSTRY_SECTOR_CONSTRUCTION = "construction"
INDUSTRY_SECTOR_DEFENSE = "defense"
INDUSTRY_SECTOR_EDUCATION = "education"
INDUSTRY_SECTOR_ENERGY = "energy"
INDUSTRY_SECTOR_ENTERTAINMENT = "entertainment"
INDUSTRY_SECTOR_FINANCIAL_SERVICES = "financial-services"
INDUSTRY_SECTOR_GOVERNMENT = "government"
INDUSTRY_SECTOR_EMERGENCY_SERVICES = "emergency-services"
INDUSTRY_SECTOR_GOVERNMENT_NATIONAL = "government-national"
INDUSTRY_SECTOR_GOVERNMENT_REGIONAL = "government-regional"
INDUSTRY_SECTOR_GOVERNMENT_LOCAL = "government-local"
INDUSTRY_SECTOR_GOVERNMENT_PUBLIC_SERVICES = "government-public-services"
INDUSTRY_SECTOR_HEALTHCARE = "healthcare"
INDUSTRY_SECTOR_HOSPITALITY_LEISURE = "hospitality-leisure"
INDUSTRY_SECTOR_INFRASTRUCTURE = "infrastructure"
INDUSTRY_SECTOR_DAMS = "dams"
INDUSTRY_SECTOR_NUCLEAR = "nuclear"
INDUSTRY_SECTOR_WATER = "water"
INDUSTRY_SECTOR_INSURANCE = "insurance"
INDUSTRY_SECTOR_MANUFACTURING = "manufacturing"
INDUSTRY_SECTOR_MINING = "mining"
INDUSTRY_SECTOR_NON_PROFIT = "non-profit"
INDUSTRY_SECTOR_PHARMACEUTICALS = "pharmaceuticals"
INDUSTRY_SECTOR_RETAIL = "retail"
INDUSTRY_SECTOR_TECHNOLOGY = "technology"
INDUSTRY_SECTOR_TELECOMMUNICATIONS = "telecommunications"
INDUSTRY_SECTOR_TRANSPORTATION = "transportation"
INDUSTRY_SECTOR_UTILITIES = "utilities"

# All ``industry-sector-ov`` constants above, in definition order.  Open
# vocabulary.
INDUSTRY_SECTOR = [
    INDUSTRY_SECTOR_AGRICULTURE,
    INDUSTRY_SECTOR_AEROSPACE,
    INDUSTRY_SECTOR_AUTOMOTIVE,
    INDUSTRY_SECTOR_CHEMICAL,
    INDUSTRY_SECTOR_COMMERCIAL,
    INDUSTRY_SECTOR_COMMUNICATIONS,
    INDUSTRY_SECTOR_CONSTRUCTION,
    INDUSTRY_SECTOR_DEFENSE,
    INDUSTRY_SECTOR_EDUCATION,
    INDUSTRY_SECTOR_ENERGY,
    INDUSTRY_SECTOR_ENTERTAINMENT,
    INDUSTRY_SECTOR_FINANCIAL_SERVICES,
    INDUSTRY_SECTOR_GOVERNMENT,
    INDUSTRY_SECTOR_EMERGENCY_SERVICES,
    INDUSTRY_SECTOR_GOVERNMENT_NATIONAL,
    INDUSTRY_SECTOR_GOVERNMENT_REGIONAL,
    INDUSTRY_SECTOR_GOVERNMENT_LOCAL,
    INDUSTRY_SECTOR_GOVERNMENT_PUBLIC_SERVICES,
    INDUSTRY_SECTOR_HEALTHCARE,
    INDUSTRY_SECTOR_HOSPITALITY_LEISURE,
    INDUSTRY_SECTOR_INFRASTRUCTURE,
    INDUSTRY_SECTOR_DAMS,
    INDUSTRY_SECTOR_NUCLEAR,
    INDUSTRY_SECTOR_WATER,
    INDUSTRY_SECTOR_INSURANCE,
    INDUSTRY_SECTOR_MANUFACTURING,
    INDUSTRY_SECTOR_MINING,
    INDUSTRY_SECTOR_NON_PROFIT,
    INDUSTRY_SECTOR_PHARMACEUTICALS,
    INDUSTRY_SECTOR_RETAIL,
    INDUSTRY_SECTOR_TECHNOLOGY,
    INDUSTRY_SECTOR_TELECOMMUNICATIONS,
    INDUSTRY_SECTOR_TRANSPORTATION,
    INDUSTRY_SECTOR_UTILITIES,
]


# STIX 2.1 ``infrastructure-type-ov`` (Infrastructure SDO
# ``infrastructure_types``): the role a piece of adversary (or, for
# "amplification", third-party) infrastructure plays.
INFRASTRUCTURE_TYPE_AMPLIFICATION = "amplification"
INFRASTRUCTURE_TYPE_ANONYMIZATION = "anonymization"
INFRASTRUCTURE_TYPE_BOTNET = "botnet"
INFRASTRUCTURE_TYPE_COMMAND_AND_CONTROL = "command-and-control"
INFRASTRUCTURE_TYPE_EXFILTRATION = "exfiltration"
INFRASTRUCTURE_TYPE_HOSTING_MALWARE = "hosting-malware"
INFRASTRUCTURE_TYPE_HOSTING_TARGET_LISTS = "hosting-target-lists"
INFRASTRUCTURE_TYPE_PHISHING = "phishing"
INFRASTRUCTURE_TYPE_RECONNAISSANCE = "reconnaissance"
INFRASTRUCTURE_TYPE_STAGING = "staging"
INFRASTRUCTURE_TYPE_UNKNOWN = "unknown"

# All ``infrastructure-type-ov`` constants above, in definition order.  Open
# vocabulary.
INFRASTRUCTURE_TYPE = [
    INFRASTRUCTURE_TYPE_AMPLIFICATION,
    INFRASTRUCTURE_TYPE_ANONYMIZATION,
    INFRASTRUCTURE_TYPE_BOTNET,
    INFRASTRUCTURE_TYPE_COMMAND_AND_CONTROL,
    INFRASTRUCTURE_TYPE_EXFILTRATION,
    INFRASTRUCTURE_TYPE_HOSTING_MALWARE,
    INFRASTRUCTURE_TYPE_HOSTING_TARGET_LISTS,
    INFRASTRUCTURE_TYPE_PHISHING,
    INFRASTRUCTURE_TYPE_RECONNAISSANCE,
    INFRASTRUCTURE_TYPE_STAGING,
    INFRASTRUCTURE_TYPE_UNKNOWN,
]


# STIX 2.1 ``malware-result-ov`` (Malware Analysis SDO ``result``).
MALWARE_RESULT_MALICIOUS = "malicious"
MALWARE_RESULT_SUSPICIOUS = "suspicious"
MALWARE_RESULT_BENIGN = "benign"
MALWARE_RESULT_UNKNOWN = "unknown"

# All ``malware-result-ov`` constants above, in definition order.  Open
# vocabulary.  This is a four-way verdict; collapsing "suspicious" and
# "unknown" into a binary good/bad when relaying loses exactly the signal a
# downstream analyst needs, so pass the original value through.
MALWARE_RESULT = [
    MALWARE_RESULT_MALICIOUS,
    MALWARE_RESULT_SUSPICIOUS,
    MALWARE_RESULT_BENIGN,
    MALWARE_RESULT_UNKNOWN,
]


# STIX 2.1 ``malware-capabilities-ov`` (Malware SDO ``capabilities``): what
# a sample has been observed or assessed to be able to do.  "c2" in the
# string values is the spec's own abbreviation for command-and-control.
MALWARE_CAPABILITIES_ACCESSES_REMOTE_MACHINES = "accesses-remote-machines"
MALWARE_CAPABILITIES_ANTI_DEBUGGING = "anti-debugging"
MALWARE_CAPABILITIES_ANTI_DISASSEMBLY = "anti-disassembly"
MALWARE_CAPABILITIES_ANTI_EMULATION = "anti-emulation"
MALWARE_CAPABILITIES_ANTI_MEMORY_FORENSICS = "anti-memory-forensics"
MALWARE_CAPABILITIES_ANTI_SANDBOX = "anti-sandbox"
MALWARE_CAPABILITIES_ANTI_VM = "anti-vm"
MALWARE_CAPABILITIES_CAPTURES_INPUT_PERIPHERALS = "captures-input-peripherals"
MALWARE_CAPABILITIES_CAPTURES_OUTPUT_PERIPHERALS = "captures-output-peripherals"
MALWARE_CAPABILITIES_CAPTURES_SYSTEM_STATE_DATA = "captures-system-state-data"
MALWARE_CAPABILITIES_CLEANS_TRACES_OF_INFECTION = "cleans-traces-of-infection"
MALWARE_CAPABILITIES_COMMITS_FRAUD = "commits-fraud"
MALWARE_CAPABILITIES_COMMUNICATES_WITH_C2 = "communicates-with-c2"
MALWARE_CAPABILITIES_COMPROMISES_DATA_AVAILABILITY = "compromises-data-availability"
MALWARE_CAPABILITIES_COMPROMISES_DATA_INTEGRITY = "compromises-data-integrity"
MALWARE_CAPABILITIES_COMPROMISES_SYSTEM_AVAILABILITY = "compromises-system-availability"
MALWARE_CAPABILITIES_CONTROLS_LOCAL_MACHINE = "controls-local-machine"
MALWARE_CAPABILITIES_DEGRADES_SECURITY_SOFTWARE = "degrades-security-software"
MALWARE_CAPABILITIES_DEGRADES_SYSTEM_UPDATES = "degrades-system-updates"
MALWARE_CAPABILITIES_DETERMINES_C2_SERVER = "determines-c2-server"
MALWARE_CAPABILITIES_EMAILS_SPAM = "emails-spam"
MALWARE_CAPABILITIES_ESCALATES_PRIVILEGES = "escalates-privileges"
MALWARE_CAPABILITIES_EVADES_AV = "evades-av"
MALWARE_CAPABILITIES_EXFILTRATES_DATA = "exfiltrates-data"
MALWARE_CAPABILITIES_FINGERPRINTS_HOST = "fingerprints-host"
MALWARE_CAPABILITIES_HIDES_ARTIFACTS = "hides-artifacts"
MALWARE_CAPABILITIES_HIDES_EXECUTING_CODE = "hides-executing-code"
MALWARE_CAPABILITIES_INFECTS_FILES = "infects-files"
MALWARE_CAPABILITIES_INFECTS_REMOTE_MACHINES = "infects-remote-machines"
MALWARE_CAPABILITIES_INSTALLS_OTHER_COMPONENTS = "installs-other-components"
MALWARE_CAPABILITIES_PERSISTS_AFTER_SYSTEM_REBOOT = "persists-after-system-reboot"
MALWARE_CAPABILITIES_PREVENTS_ARTIFACT_ACCESS = "prevents-artifact-access"
MALWARE_CAPABILITIES_PREVENTS_ARTIFACT_DELETION = "prevents-artifact-deletion"
MALWARE_CAPABILITIES_PROBES_NETWORK_ENVIRONMENT = "probes-network-environment"
MALWARE_CAPABILITIES_SELF_MODIFIES = "self-modifies"
MALWARE_CAPABILITIES_STEALS_AUTHENTICATION_CREDENTIALS = "steals-authentication-credentials"
MALWARE_CAPABILITIES_VIOLATES_SYSTEM_OPERATIONAL_INTEGRITY = "violates-system-operational-integrity"

# All ``malware-capabilities-ov`` constants above, in definition order.
# Open vocabulary.
MALWARE_CAPABILITIES = [
    MALWARE_CAPABILITIES_ACCESSES_REMOTE_MACHINES,
    MALWARE_CAPABILITIES_ANTI_DEBUGGING,
    MALWARE_CAPABILITIES_ANTI_DISASSEMBLY,
    MALWARE_CAPABILITIES_ANTI_EMULATION,
    MALWARE_CAPABILITIES_ANTI_MEMORY_FORENSICS,
    MALWARE_CAPABILITIES_ANTI_SANDBOX,
    MALWARE_CAPABILITIES_ANTI_VM,
    MALWARE_CAPABILITIES_CAPTURES_INPUT_PERIPHERALS,
    MALWARE_CAPABILITIES_CAPTURES_OUTPUT_PERIPHERALS,
    MALWARE_CAPABILITIES_CAPTURES_SYSTEM_STATE_DATA,
    MALWARE_CAPABILITIES_CLEANS_TRACES_OF_INFECTION,
    MALWARE_CAPABILITIES_COMMITS_FRAUD,
    MALWARE_CAPABILITIES_COMMUNICATES_WITH_C2,
    MALWARE_CAPABILITIES_COMPROMISES_DATA_AVAILABILITY,
    MALWARE_CAPABILITIES_COMPROMISES_DATA_INTEGRITY,
    MALWARE_CAPABILITIES_COMPROMISES_SYSTEM_AVAILABILITY,
    MALWARE_CAPABILITIES_CONTROLS_LOCAL_MACHINE,
    MALWARE_CAPABILITIES_DEGRADES_SECURITY_SOFTWARE,
    MALWARE_CAPABILITIES_DEGRADES_SYSTEM_UPDATES,
    MALWARE_CAPABILITIES_DETERMINES_C2_SERVER,
    MALWARE_CAPABILITIES_EMAILS_SPAM,
    MALWARE_CAPABILITIES_ESCALATES_PRIVILEGES,
    MALWARE_CAPABILITIES_EVADES_AV,
    MALWARE_CAPABILITIES_EXFILTRATES_DATA,
    MALWARE_CAPABILITIES_FINGERPRINTS_HOST,
    MALWARE_CAPABILITIES_HIDES_ARTIFACTS,
    MALWARE_CAPABILITIES_HIDES_EXECUTING_CODE,
    MALWARE_CAPABILITIES_INFECTS_FILES,
    MALWARE_CAPABILITIES_INFECTS_REMOTE_MACHINES,
    MALWARE_CAPABILITIES_INSTALLS_OTHER_COMPONENTS,
    MALWARE_CAPABILITIES_PERSISTS_AFTER_SYSTEM_REBOOT,
    MALWARE_CAPABILITIES_PREVENTS_ARTIFACT_ACCESS,
    MALWARE_CAPABILITIES_PREVENTS_ARTIFACT_DELETION,
    MALWARE_CAPABILITIES_PROBES_NETWORK_ENVIRONMENT,
    MALWARE_CAPABILITIES_SELF_MODIFIES,
    MALWARE_CAPABILITIES_STEALS_AUTHENTICATION_CREDENTIALS,
    MALWARE_CAPABILITIES_VIOLATES_SYSTEM_OPERATIONAL_INTEGRITY,
]


# STIX 2.1 ``malware-type-ov`` (Malware SDO ``malware_types``).  A sample
# commonly fits several of these at once ("dropper" + "trojan", "bot" +
# "ddos"); the property is a list, so producers need not pick one.
MALWARE_TYPE_ADWARE = "adware"
MALWARE_TYPE_BACKDOOR = "backdoor"
MALWARE_TYPE_BOT = "bot"
MALWARE_TYPE_BOOTKIT = "bootkit"
MALWARE_TYPE_DDOS = "ddos"
MALWARE_TYPE_DOWNLOADER = "downloader"
MALWARE_TYPE_DROPPER = "dropper"
MALWARE_TYPE_EXPLOIT_KIT = "exploit-kit"
MALWARE_TYPE_KEYLOGGER = "keylogger"
MALWARE_TYPE_RANSOMWARE = "ransomware"
MALWARE_TYPE_REMOTE_ACCESS_TROJAN = "remote-access-trojan"
MALWARE_TYPE_RESOURCE_EXPLOITATION = "resource-exploitation"
MALWARE_TYPE_ROGUE_SECURITY_SOFTWARE = "rogue-security-software"
MALWARE_TYPE_ROOTKIT = "rootkit"
MALWARE_TYPE_SCREEN_CAPTURE = "screen-capture"
MALWARE_TYPE_SPYWARE = "spyware"
MALWARE_TYPE_TROJAN = "trojan"
MALWARE_TYPE_UNKNOWN = "unknown"
MALWARE_TYPE_VIRUS = "virus"
MALWARE_TYPE_WEBSHELL = "webshell"
MALWARE_TYPE_WIPER = "wiper"
MALWARE_TYPE_WORM = "worm"

# All ``malware-type-ov`` constants above, in definition order.  Open
# vocabulary.
MALWARE_TYPE = [
    MALWARE_TYPE_ADWARE,
    MALWARE_TYPE_BACKDOOR,
    MALWARE_TYPE_BOT,
    MALWARE_TYPE_BOOTKIT,
    MALWARE_TYPE_DDOS,
    MALWARE_TYPE_DOWNLOADER,
    MALWARE_TYPE_DROPPER,
    MALWARE_TYPE_EXPLOIT_KIT,
    MALWARE_TYPE_KEYLOGGER,
    MALWARE_TYPE_RANSOMWARE,
    MALWARE_TYPE_REMOTE_ACCESS_TROJAN,
    MALWARE_TYPE_RESOURCE_EXPLOITATION,
    MALWARE_TYPE_ROGUE_SECURITY_SOFTWARE,
    MALWARE_TYPE_ROOTKIT,
    MALWARE_TYPE_SCREEN_CAPTURE,
    MALWARE_TYPE_SPYWARE,
    MALWARE_TYPE_TROJAN,
    MALWARE_TYPE_UNKNOWN,
    MALWARE_TYPE_VIRUS,
    MALWARE_TYPE_WEBSHELL,
    MALWARE_TYPE_WIPER,
    MALWARE_TYPE_WORM,
]


# STIX 2.1 ``network-socket-address-family-enum`` (Network Traffic socket
# extension ``address_family``).  The spellings are Winsock's (AF_BTH,
# AF_NETBIOS, AF_IRDA); POSIX platforms name some of these differently
# (e.g. Linux AF_BLUETOOTH), so an observer that reads the family from the
# OS must map to these strings rather than emitting the platform constant's
# name verbatim.
NETWORK_SOCKET_ADDRESS_FAMILY_AF_UNSPEC = "AF_UNSPEC"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_INET = "AF_INET"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_IPX = "AF_IPX"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_APPLETALK = "AF_APPLETALK"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_NETBIOS = "AF_NETBIOS"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_INET6 = "AF_INET6"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_IRDA = "AF_IRDA"
NETWORK_SOCKET_ADDRESS_FAMILY_AF_BTH = "AF_BTH"

# All ``network-socket-address-family-enum`` constants above, in definition
# order.  Closed enum: per the spec no other value is valid, so a family the
# OS reports that is not listed here (e.g. AF_UNIX, AF_PACKET) cannot be
# represented except as AF_UNSPEC.
NETWORK_SOCKET_ADDRESS_FAMILY = [
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_UNSPEC,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_INET,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_IPX,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_APPLETALK,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_NETBIOS,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_INET6,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_IRDA,
    NETWORK_SOCKET_ADDRESS_FAMILY_AF_BTH,
]


# STIX 2.1 ``network-socket-type-enum`` (Network Traffic socket extension
# ``socket_type``).  Names mirror the BSD/Winsock SOCK_* constants.
NETWORK_SOCKET_TYPE_SOCK_STREAM = "SOCK_STREAM"
NETWORK_SOCKET_TYPE_SOCK_DGRAM = "SOCK_DGRAM"
NETWORK_SOCKET_TYPE_SOCK_RAW = "SOCK_RAW"
NETWORK_SOCKET_TYPE_SOCK_RDM = "SOCK_RDM"
NETWORK_SOCKET_TYPE_SOCK_SEQPACKET = "SOCK_SEQPACKET"

# All ``network-socket-type-enum`` constants above, in definition order.
# Closed enum: per the spec no other value is valid.
NETWORK_SOCKET_TYPE = [
    NETWORK_SOCKET_TYPE_SOCK_STREAM,
    NETWORK_SOCKET_TYPE_SOCK_DGRAM,
    NETWORK_SOCKET_TYPE_SOCK_RAW,
    NETWORK_SOCKET_TYPE_SOCK_RDM,
    NETWORK_SOCKET_TYPE_SOCK_SEQPACKET,
]


# STIX 2.1 ``opinion-enum`` (Opinion SDO ``opinion``): a five-point
# agreement scale, defined here from strongest disagreement to strongest
# agreement.
OPINION_STRONGLY_DISAGREE = "strongly-disagree"
OPINION_DISAGREE = "disagree"
OPINION_NEUTRAL = "neutral"
OPINION_AGREE = "agree"
OPINION_STRONGLY_AGREE = "strongly-agree"

# All ``opinion-enum`` constants above, in definition order.  Closed enum:
# per the spec no other value is valid.  The list order happens to follow
# the scale, but nothing here assigns numeric weights.
OPINION = [
    OPINION_STRONGLY_DISAGREE,
    OPINION_DISAGREE,
    OPINION_NEUTRAL,
    OPINION_AGREE,
    OPINION_STRONGLY_AGREE,
]


# STIX 2.1 ``pattern-type-ov`` (Indicator SDO ``pattern_type``): the
# language the Indicator's ``pattern`` text is written in.  "stix" is
# presumably the only one this package parses itself; for the others the
# pattern text is opaque here and is handed to an external engine.
PATTERN_TYPE_STIX = "stix"
PATTERN_TYPE_PCRE = "pcre"
PATTERN_TYPE_SIGMA = "sigma"
PATTERN_TYPE_SNORT = "snort"
PATTERN_TYPE_SURICATA = "suricata"
PATTERN_TYPE_YARA = "yara"

# All ``pattern-type-ov`` constants above, in definition order.  Open
# vocabulary.  Security note: a non-"stix" pattern received from a
# third-party feed is untrusted input to whatever engine evaluates it (a
# PCRE can be crafted for catastrophic backtracking; YARA and Snort rules
# can be made expensive), so vet or sandbox such patterns before loading
# them into production detection.
PATTERN_TYPE = [
    PATTERN_TYPE_STIX,
    PATTERN_TYPE_PCRE,
    PATTERN_TYPE_SIGMA,
    PATTERN_TYPE_SNORT,
    PATTERN_TYPE_SURICATA,
    PATTERN_TYPE_YARA,
]


# STIX 2.1 ``processor-architecture-ov`` (Malware SDO
# ``architecture_execution_envs``).  Note the spellings: "x86-64" with a
# hyphen (not "x86_64" / "amd64") and a single "arm" with no 32/64 split,
# so values taken from ``uname -m`` or a PE/ELF header must be translated.
PROCESSOR_ARCHITECTURE_ALPHA = "alpha"
PROCESSOR_ARCHITECTURE_ARM = "arm"
PROCESSOR_ARCHITECTURE_IA_64 = "ia-64"
PROCESSOR_ARCHITECTURE_MIPS = "mips"
PROCESSOR_ARCHITECTURE_POWERPC = "powerpc"
PROCESSOR_ARCHITECTURE_SPARC = "sparc"
PROCESSOR_ARCHITECTURE_X86 = "x86"
PROCESSOR_ARCHITECTURE_X86_64 = "x86-64"

# All ``processor-architecture-ov`` constants above, in definition order.
# Open vocabulary, so e.g. "arm64" is spec-legal even though it is not
# listed.
PROCESSOR_ARCHITECTURE = [
    PROCESSOR_ARCHITECTURE_ALPHA,
    PROCESSOR_ARCHITECTURE_ARM,
    PROCESSOR_ARCHITECTURE_IA_64,
    PROCESSOR_ARCHITECTURE_MIPS,
    PROCESSOR_ARCHITECTURE_POWERPC,
    PROCESSOR_ARCHITECTURE_SPARC,
    PROCESSOR_ARCHITECTURE_X86,
    PROCESSOR_ARCHITECTURE_X86_64,
]


# STIX 2.1 ``region-ov`` (Location SDO ``region``).  Continents and their
# sub-regions are both present ("africa" and "eastern-africa", ...), but
# the list is flat: no containment relation is encoded here, and a Location
# carrying "africa" does not match a consumer searching for
# "northern-africa".
REGION_AFRICA = "africa"
REGION_EASTERN_AFRICA = "eastern-africa"
REGION_MIDDLE_AFRICA = "middle-africa"
REGION_NORTHERN_AFRICA = "northern-africa"
REGION_SOUTHERN_AFRICA = "southern-africa"
REGION_WESTERN_AFRICA = "western-africa"
REGION_AMERICAS = "americas"
REGION_LATIN_AMERICA_CARIBBEAN = "latin-america-caribbean"
REGION_SOUTH_AMERICA = "south-america"
REGION_CARIBBEAN = "caribbean"
REGION_CENTRAL_AMERICA = "central-america"
REGION_NORTHERN_AMERICA = "northern-america"
REGION_ASIA = "asia"
REGION_CENTRAL_ASIA = "central-asia"
REGION_EASTERN_ASIA = "eastern-asia"
REGION_SOUTHERN_ASIA = "southern-asia"
REGION_SOUTH_EASTERN_ASIA = "south-eastern-asia"
REGION_WESTERN_ASIA = "western-asia"
REGION_EUROPE = "europe"
REGION_EASTERN_EUROPE = "eastern-europe"
REGION_NORTHERN_EUROPE = "northern-europe"
REGION_SOUTHERN_EUROPE = "southern-europe"
REGION_WESTERN_EUROPE = "western-europe"
REGION_OCEANIA = "oceania"
REGION_ANTARCTICA = "antarctica"
REGION_AUSTRALIA_NEW_ZEALAND = "australia-new-zealand"
REGION_MELANESIA = "melanesia"
REGION_MICRONESIA = "micronesia"
REGION_POLYNESIA = "polynesia"

# All ``region-ov`` constants above, in definition order.  Open vocabulary.
REGION = [
    REGION_AFRICA,
    REGION_EASTERN_AFRICA,
    REGION_MIDDLE_AFRICA,
    REGION_NORTHERN_AFRICA,
    REGION_SOUTHERN_AFRICA,
    REGION_WESTERN_AFRICA,
    REGION_AMERICAS,
    REGION_LATIN_AMERICA_CARIBBEAN,
    REGION_SOUTH_AMERICA,
    REGION_CARIBBEAN,
    REGION_CENTRAL_AMERICA,
    REGION_NORTHERN_AMERICA,
    REGION_ASIA,
    REGION_CENTRAL_ASIA,
    REGION_EASTERN_ASIA,
    REGION_SOUTHERN_ASIA,
    REGION_SOUTH_EASTERN_ASIA,
    REGION_WESTERN_ASIA,
    REGION_EUROPE,
    REGION_EASTERN_EUROPE,
    REGION_NORTHERN_EUROPE,
    REGION_SOUTHERN_EUROPE,
    REGION_WESTERN_EUROPE,
    REGION_OCEANIA,
    REGION_ANTARCTICA,
    REGION_AUSTRALIA_NEW_ZEALAND,
    REGION_MELANESIA,
    REGION_MICRONESIA,
    REGION_POLYNESIA,
]


# STIX 2.1 ``report-type-ov`` (Report SDO ``report_types``).  Most values
# coincide with SDO ``type`` identifiers ("campaign", "malware", ...), but
# this is a label vocabulary describing what a report is about, not a list
# of object types, and "threat-report" has no SDO counterpart.
REPORT_TYPE_ATTACK_PATTERN = "attack-pattern"
REPORT_TYPE_CAMPAIGN = "campaign"
REPORT_TYPE_IDENTITY = "identity"
REPORT_TYPE_INDICATOR = "indicator"
REPORT_TYPE_INTRUSION_SET = "intrusion-set"
REPORT_TYPE_MALWARE = "malware"
REPORT_TYPE_OBSERVED_DATA = "observed-data"
REPORT_TYPE_THREAT_ACTOR = "threat-actor"
REPORT_TYPE_THREAT_REPORT = "threat-report"
REPORT_TYPE_TOOL = "tool"
REPORT_TYPE_VULNERABILITY = "vulnerability"

# All ``report-type-ov`` constants above, in definition order.  Open
# vocabulary.
REPORT_TYPE = [
    REPORT_TYPE_ATTACK_PATTERN,
    REPORT_TYPE_CAMPAIGN,
    REPORT_TYPE_IDENTITY,
    REPORT_TYPE_INDICATOR,
    REPORT_TYPE_INTRUSION_SET,
    REPORT_TYPE_MALWARE,
    REPORT_TYPE_OBSERVED_DATA,
    REPORT_TYPE_THREAT_ACTOR,
    REPORT_TYPE_THREAT_REPORT,
    REPORT_TYPE_TOOL,
    REPORT_TYPE_VULNERABILITY,
]


# STIX 2.1 ``threat-actor-type-ov`` (Threat Actor SDO ``threat_actor_types``).
# Two insider variants are distinguished: "insider-accidental" (no hostile
# intent) and "insider-disgruntled" (hostile intent) -- they call for very
# different responses, so do not merge them when mapping to a local taxonomy.
THREAT_ACTOR_TYPE_ACTIVIST = "activist"
THREAT_ACTOR_TYPE_COMPETITOR = "competitor"
THREAT_ACTOR_TYPE_CRIME_SYNDICATE = "crime-syndicate"
THREAT_ACTOR_TYPE_CRIMINAL = "criminal"
THREAT_ACTOR_TYPE_HACKER = "hacker"
THREAT_ACTOR_TYPE_INSIDER_ACCIDENTAL = "insider-accidental"
THREAT_ACTOR_TYPE_INSIDER_DISGRUNTLED = "insider-disgruntled"
THREAT_ACTOR_TYPE_NATION_STATE = "nation-state"
THREAT_ACTOR_TYPE_SENSATIONALIST = "sensationalist"
THREAT_ACTOR_TYPE_SPY = "spy"
THREAT_ACTOR_TYPE_TERRORIST = "terrorist"
THREAT_ACTOR_TYPE_UNKNOWN = "unknown"

# All ``threat-actor-type-ov`` constants above, in definition order.  Open
# vocabulary.
THREAT_ACTOR_TYPE = [
    THREAT_ACTOR_TYPE_ACTIVIST,
    THREAT_ACTOR_TYPE_COMPETITOR,
    THREAT_ACTOR_TYPE_CRIME_SYNDICATE,
    THREAT_ACTOR_TYPE_CRIMINAL,
    THREAT_ACTOR_TYPE_HACKER,
    THREAT_ACTOR_TYPE_INSIDER_ACCIDENTAL,
    THREAT_ACTOR_TYPE_INSIDER_DISGRUNTLED,
    THREAT_ACTOR_TYPE_NATION_STATE,
    THREAT_ACTOR_TYPE_SENSATIONALIST,
    THREAT_ACTOR_TYPE_SPY,
    THREAT_ACTOR_TYPE_TERRORIST,
    THREAT_ACTOR_TYPE_UNKNOWN,
]


# STIX 2.1 ``threat-actor-role-ov`` (Threat Actor SDO ``roles``): the part
# an actor plays within a larger operation, as opposed to what kind of
# actor it is.
THREAT_ACTOR_ROLE_AGENT = "agent"
THREAT_ACTOR_ROLE_DIRECTOR = "director"
THREAT_ACTOR_ROLE_INDEPENDENT = "independent"
THREAT_ACTOR_ROLE_INFRASTRUCTURE_ARCHITECT = "infrastructure-architect"
THREAT_ACTOR_ROLE_INFRASTRUCTURE_OPERATOR = "infrastructure-operator"
THREAT_ACTOR_ROLE_MALWARE_AUTHOR = "malware-author"
THREAT_ACTOR_ROLE_SPONSOR = "sponsor"

# All ``threat-actor-role-ov`` constants above, in definition order.  Open
# vocabulary.
THREAT_ACTOR_ROLE = [
    THREAT_ACTOR_ROLE_AGENT,
    THREAT_ACTOR_ROLE_DIRECTOR,
    THREAT_ACTOR_ROLE_INDEPENDENT,
    THREAT_ACTOR_ROLE_INFRASTRUCTURE_ARCHITECT,
    THREAT_ACTOR_ROLE_INFRASTRUCTURE_OPERATOR,
    THREAT_ACTOR_ROLE_MALWARE_AUTHOR,
    THREAT_ACTOR_ROLE_SPONSOR,
]


# STIX 2.1 ``threat-actor-sophistication-ov`` (Threat Actor SDO
# ``sophistication``).
THREAT_ACTOR_SOPHISTICATION_NONE = "none"
THREAT_ACTOR_SOPHISTICATION_MINIMAL = "minimal"
THREAT_ACTOR_SOPHISTICATION_INTERMEDIATE = "intermediate"
THREAT_ACTOR_SOPHISTICATION_ADVANCED = "advanced"
THREAT_ACTOR_SOPHISTICATION_EXPERT = "expert"
THREAT_ACTOR_SOPHISTICATION_INNOVATOR = "innovator"
THREAT_ACTOR_SOPHISTICATION_STRATEGIC = "strategic"

# All ``threat-actor-sophistication-ov`` constants above, in definition
# order.  Open vocabulary.  The constants read as ascending capability
# ("none" -> "strategic"), but nothing here assigns ranks; confirm against
# the spec's definitions before using list index as an ordinal.
THREAT_ACTOR_SOPHISTICATION = [
    THREAT_ACTOR_SOPHISTICATION_NONE,
    THREAT_ACTOR_SOPHISTICATION_MINIMAL,
    THREAT_ACTOR_SOPHISTICATION_INTERMEDIATE,
    THREAT_ACTOR_SOPHISTICATION_ADVANCED,
    THREAT_ACTOR_SOPHISTICATION_EXPERT,
    THREAT_ACTOR_SOPHISTICATION_INNOVATOR,
    THREAT_ACTOR_SOPHISTICATION_STRATEGIC,
]


# STIX 2.1 ``tool-type-ov`` (Tool SDO ``tool_types``): categories for
# legitimate or dual-use software an adversary employs.  Purpose-built
# malicious code belongs under the Malware SDO's vocabulary instead.
TOOL_TYPE_DENIAL_OF_SERVICE = "denial-of-service"
TOOL_TYPE_EXPLOITATION = "exploitation"
TOOL_TYPE_INFORMATION_GATHERING = "information-gathering"
TOOL_TYPE_NETWORK_CAPTURE = "network-capture"
TOOL_TYPE_CREDENTIAL_EXPLOITATION = "credential-exploitation"
TOOL_TYPE_REMOTE_ACCESS = "remote-access"
TOOL_TYPE_VULNERABILITY_SCANNING = "vulnerability-scanning"
TOOL_TYPE_UNKNOWN = "unknown"

# All ``tool-type-ov`` constants above, in definition order.  Open
# vocabulary.
TOOL_TYPE = [
    TOOL_TYPE_DENIAL_OF_SERVICE,
    TOOL_TYPE_EXPLOITATION,
    TOOL_TYPE_INFORMATION_GATHERING,
    TOOL_TYPE_NETWORK_CAPTURE,
    TOOL_TYPE_CREDENTIAL_EXPLOITATION,
    TOOL_TYPE_REMOTE_ACCESS,
    TOOL_TYPE_VULNERABILITY_SCANNING,
    TOOL_TYPE_UNKNOWN,
]


# STIX 2.1 ``windows-integrity-level-enum`` (Process SCO Windows extension
# ``integrity_level``): the Windows mandatory integrity level of a process,
# defined here from least to most privileged.
WINDOWS_INTEGRITY_LEVEL_LOW = "low"
WINDOWS_INTEGRITY_LEVEL_MEDIUM = "medium"
WINDOWS_INTEGRITY_LEVEL_HIGH = "high"
WINDOWS_INTEGRITY_LEVEL_SYSTEM = "system"

# All ``windows-integrity-level-enum`` constants above, in definition order.
# Closed enum: only these four are spec-valid.  NOTE(review): Windows itself
# also has levels outside this set (e.g. "untrusted" below low, and the
# protected-process level above system); a producer observing one of those
# has no exact representation here and must decide how to map it.
WINDOWS_INTEGRITY_LEVEL = [
    WINDOWS_INTEGRITY_LEVEL_LOW,
    WINDOWS_INTEGRITY_LEVEL_MEDIUM,
    WINDOWS_INTEGRITY_LEVEL_HIGH,
    WINDOWS_INTEGRITY_LEVEL_SYSTEM,
]


# STIX 2.1 ``windows-pebinary-type-ov`` (File SCO Windows PE binary
# extension ``pe_type``).  Values describe the kind of PE image, not the
# file extension on disk -- a DLL renamed to ".exe" is still "dll".
WINDOWS_PEBINARY_TYPE_DLL = "dll"
WINDOWS_PEBINARY_TYPE_EXE = "exe"
WINDOWS_PEBINARY_TYPE_SYS = "sys"

# All ``windows-pebinary-type-ov`` constants above, in definition order.
# Open vocabulary.
WINDOWS_PEBINARY_TYPE = [
    WINDOWS_PEBINARY_TYPE_DLL,
    WINDOWS_PEBINARY_TYPE_EXE,
    WINDOWS_PEBINARY_TYPE_SYS,
]


# STIX 2.1 ``windows-registry-datatype-enum``: the value type of a
# windows-registry-value-type entry. The string values mirror the Win32
# REG_* type names. Closed enumeration: anything outside
# WINDOWS_REGISTRY_DATATYPE is invalid STIX.
WINDOWS_REGISTRY_DATATYPE_REG_NONE = "REG_NONE"
WINDOWS_REGISTRY_DATATYPE_REG_SZ = "REG_SZ"
WINDOWS_REGISTRY_DATATYPE_REG_EXPAND_SZ = "REG_EXPAND_SZ"
WINDOWS_REGISTRY_DATATYPE_REG_BINARY = "REG_BINARY"
WINDOWS_REGISTRY_DATATYPE_REG_DWORD = "REG_DWORD"
WINDOWS_REGISTRY_DATATYPE_REG_DWORD_BIG_ENDIAN = "REG_DWORD_BIG_ENDIAN"
WINDOWS_REGISTRY_DATATYPE_REG_DWORD_LITTLE_ENDIAN = "REG_DWORD_LITTLE_ENDIAN"
WINDOWS_REGISTRY_DATATYPE_REG_LINK = "REG_LINK"
WINDOWS_REGISTRY_DATATYPE_REG_MULTI_SZ = "REG_MULTI_SZ"
WINDOWS_REGISTRY_DATATYPE_REG_RESOURCE_LIST = "REG_RESOURCE_LIST"
WINDOWS_REGISTRY_DATATYPE_REG_FULL_RESOURCE_DESCRIPTION = "REG_FULL_RESOURCE_DESCRIPTION"
WINDOWS_REGISTRY_DATATYPE_REG_RESOURCE_REQUIREMENTS_LIST = "REG_RESOURCE_REQUIREMENTS_LIST"
WINDOWS_REGISTRY_DATATYPE_REG_QWORD = "REG_QWORD"
WINDOWS_REGISTRY_DATATYPE_REG_INVALID_TYPE = "REG_INVALID_TYPE"

# Membership list, same order as the constants above.
WINDOWS_REGISTRY_DATATYPE = [
    WINDOWS_REGISTRY_DATATYPE_REG_NONE,
    WINDOWS_REGISTRY_DATATYPE_REG_SZ,
    WINDOWS_REGISTRY_DATATYPE_REG_EXPAND_SZ,
    WINDOWS_REGISTRY_DATATYPE_REG_BINARY,
    WINDOWS_REGISTRY_DATATYPE_REG_DWORD,
    WINDOWS_REGISTRY_DATATYPE_REG_DWORD_BIG_ENDIAN,
    WINDOWS_REGISTRY_DATATYPE_REG_DWORD_LITTLE_ENDIAN,
    WINDOWS_REGISTRY_DATATYPE_REG_LINK,
    WINDOWS_REGISTRY_DATATYPE_REG_MULTI_SZ,
    WINDOWS_REGISTRY_DATATYPE_REG_RESOURCE_LIST,
    WINDOWS_REGISTRY_DATATYPE_REG_FULL_RESOURCE_DESCRIPTION,
    WINDOWS_REGISTRY_DATATYPE_REG_RESOURCE_REQUIREMENTS_LIST,
    WINDOWS_REGISTRY_DATATYPE_REG_QWORD,
    WINDOWS_REGISTRY_DATATYPE_REG_INVALID_TYPE,
]
# STIX 2.1 ``windows-service-start-type-enum``: how a Windows service is
# started, as recorded on the windows-service-ext process extension. The
# strings mirror the Win32 SERVICE_* start-type names. Closed enumeration:
# values outside WINDOWS_SERVICE_START_TYPE are invalid STIX.
WINDOWS_SERVICE_START_TYPE_SERVICE_AUTO_START = "SERVICE_AUTO_START"
WINDOWS_SERVICE_START_TYPE_SERVICE_BOOT_START = "SERVICE_BOOT_START"
WINDOWS_SERVICE_START_TYPE_SERVICE_DEMAND_START = "SERVICE_DEMAND_START"
WINDOWS_SERVICE_START_TYPE_SERVICE_DISABLED = "SERVICE_DISABLED"
WINDOWS_SERVICE_START_TYPE_SERVICE_SYSTEM_ALERT = "SERVICE_SYSTEM_ALERT"

# Membership list, same order as the constants above.
WINDOWS_SERVICE_START_TYPE = [
    WINDOWS_SERVICE_START_TYPE_SERVICE_AUTO_START,
    WINDOWS_SERVICE_START_TYPE_SERVICE_BOOT_START,
    WINDOWS_SERVICE_START_TYPE_SERVICE_DEMAND_START,
    WINDOWS_SERVICE_START_TYPE_SERVICE_DISABLED,
    WINDOWS_SERVICE_START_TYPE_SERVICE_SYSTEM_ALERT,
]
# STIX 2.1 ``windows-service-type-enum``: the kind of Windows service
# (driver vs. user-mode process, own vs. shared host). The strings mirror
# the Win32 SERVICE_* service-type names. Closed enumeration: values
# outside WINDOWS_SERVICE_TYPE are invalid STIX.
WINDOWS_SERVICE_TYPE_SERVICE_KERNEL_DRIVER = "SERVICE_KERNEL_DRIVER"
WINDOWS_SERVICE_TYPE_SERVICE_FILE_SYSTEM_DRIVER = "SERVICE_FILE_SYSTEM_DRIVER"
WINDOWS_SERVICE_TYPE_SERVICE_WIN32_OWN_PROCESS = "SERVICE_WIN32_OWN_PROCESS"
WINDOWS_SERVICE_TYPE_SERVICE_WIN32_SHARE_PROCESS = "SERVICE_WIN32_SHARE_PROCESS"

# Membership list, same order as the constants above.
WINDOWS_SERVICE_TYPE = [
    WINDOWS_SERVICE_TYPE_SERVICE_KERNEL_DRIVER,
    WINDOWS_SERVICE_TYPE_SERVICE_FILE_SYSTEM_DRIVER,
    WINDOWS_SERVICE_TYPE_SERVICE_WIN32_OWN_PROCESS,
    WINDOWS_SERVICE_TYPE_SERVICE_WIN32_SHARE_PROCESS,
]
# STIX 2.1 ``windows-service-status-enum``: the observed run state of a
# Windows service. The strings mirror the Win32 SERVICE_* current-state
# names. Closed enumeration: values outside WINDOWS_SERVICE_STATUS are
# invalid STIX.
WINDOWS_SERVICE_STATUS_SERVICE_CONTINUE_PENDING = "SERVICE_CONTINUE_PENDING"
WINDOWS_SERVICE_STATUS_SERVICE_PAUSE_PENDING = "SERVICE_PAUSE_PENDING"
WINDOWS_SERVICE_STATUS_SERVICE_PAUSED = "SERVICE_PAUSED"
WINDOWS_SERVICE_STATUS_SERVICE_RUNNING = "SERVICE_RUNNING"
WINDOWS_SERVICE_STATUS_SERVICE_START_PENDING = "SERVICE_START_PENDING"
WINDOWS_SERVICE_STATUS_SERVICE_STOP_PENDING = "SERVICE_STOP_PENDING"
WINDOWS_SERVICE_STATUS_SERVICE_STOPPED = "SERVICE_STOPPED"

# Membership list, same order as the constants above.
WINDOWS_SERVICE_STATUS = [
    WINDOWS_SERVICE_STATUS_SERVICE_CONTINUE_PENDING,
    WINDOWS_SERVICE_STATUS_SERVICE_PAUSE_PENDING,
    WINDOWS_SERVICE_STATUS_SERVICE_PAUSED,
    WINDOWS_SERVICE_STATUS_SERVICE_RUNNING,
    WINDOWS_SERVICE_STATUS_SERVICE_START_PENDING,
    WINDOWS_SERVICE_STATUS_SERVICE_STOP_PENDING,
    WINDOWS_SERVICE_STATUS_SERVICE_STOPPED,
]