MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-galaxy/vocabularies/common/ttp-type.json

512 lines
7.3 KiB
JSON
Raw Normal View History

add cert-eu based vocabularies
2017-10-20 11:13:26 +02:00
{
"values": [
{
"value": "Android Trojan"
},
{
"value": "Backdoor"
},
{
"value": "Banking Trojan"
},
{
"value": "Bot"
},
{
"value": "DDoS malware"
},
{
"value": "Espionage malware"
},
{
"value": "Exploit kit"
},
{
"value": "Keylogger"
},
{
"value": "Mac Backdoor"
},
{
"value": "Mac Trojan"
},
{
"value": "Malware site"
},
{
"value": "RAT"
},
{
"value": "Rootkit"
},
{
"value": "SQLI malware"
},
{
"value": "Toolkit"
},
{
"value": "Trojan"
},
{
"value": "Other"
},
{
"value": "Unknown"
},
{
"value": "Ransomware"
},
{
"value": "Dark Net Market"
},
{
"value": "Destructive"
},
{
"value": "Forums"
},
{
"value": "Domain Registration"
},
{
"value": "POS malware"
},
{
"value": "Hosting"
},
{
"value": "ICS"
},
{
"value": "Android app"
},
{
"value": "Privacy"
},
{
"value": "Safe browsing"
},
{
"value": "Safe internet search"
},
{
"value": "Peer-to-peer"
},
{
"value": "Crypto"
},
{
"value": "Social media"
},
{
"value": "Identity Theft"
},
{
"value": "VPN"
},
{
"value": "Speech recognition software"
},
{
"value": "Encrypted email"
},
{
"value": "Messaging"
},
{
"value": "ATM malware"
},
{
"value": "Network mapper"
},
{
"value": "Pentest tool"
},
{
"value": "Authentication bypass"
},
{
"value": "Phishing infra"
},
{
"value": "Dox and ransom"
},
{
"value": "Hot patching"
},
{
"value": "Arsenal"
},
{
"value": "CVE"
},
{
"value": "Fake website"
},
{
"value": "Information stealer"
},
{
"value": "DoS"
},
{
"value": "Worm"
},
{
"value": "Downloader"
},
{
"value": "Loader"
},
{
"value": "Infostealer"
},
{
"value": "RF Signals Intercepter"
},
{
"value": "Wireless Keystroke Logger"
},
{
"value": "Recon tool"
},
{
"value": "Website"
},
{
"value": "Website recon"
},
{
"value": "Malware features"
},
{
"value": "URL shortener service"
},
{
"value": "Information Warfare"
},
{
"value": "Programming language"
},
{
"value": "Port scanner"
},
{
"value": "Installer"
},
{
"value": "CMS exploitation"
},
{
"value": "Remote execution tool"
},
{
"value": "Service"
},
{
"value": "Money miner"
},
{
"value": "Remote administration tool"
},
{
"value": "First-stage"
},
{
"value": "Dropper"
},
{
"value": "Virtual server penetration"
},
{
"value": "Scripting language"
},
{
"value": "Adware"
},
{
"value": "Obfuscation technique"
},
{
"value": "Drive-by attack"
},
{
"value": "PLC worm"
},
{
"value": "Blog"
},
{
"value": "Account checker"
},
{
"value": "Internet Control"
},
{
"value": "C2"
},
{
"value": "Scanning routers"
},
{
"value": "Take over"
},
{
"value": "Credit Card Fraud"
},
{
"value": "DDoS Tool"
},
{
"value": "IoT bot"
},
{
"value": "Targeting"
},
{
"value": "cryptocurrency"
},
{
"value": "Anti-analysis"
},
{
"value": "persistence"
},
{
"value": "Anti-detection"
},
{
"value": "Phishing-theme"
},
{
"value": "OpSec"
},
{
"value": "Automatic phone calls"
},
{
"value": "Selling"
},
{
"value": "Extortion"
},
{
"value": "Watering hole"
},
{
"value": "Sharing platform"
},
{
"value": "Sideloading"
},
{"value": "Operating System"
},
{"value": "Sample"
},
{"value": "Buffer overflow"
},
{
"value": "Online magazine"
},
{
"value": "Spoofing"
},
{
"value": "Ransomware-as-a-Service"
},
{
"value": "Spambot"
},
{
"value": "HTTP bot"
},
{
"value": "Shop"
},
{
"value": "Password recovery"
},
{
"value": "Password manager"
},
{
"value": "Certificate exploit"
},
{
"value": "Mailer"
},
{
"value": "Card"
},
{
"value": "Powershell agent"
},
{
"value": "Skimmer"
},
{
"value": "Exploit"
},
{
"value": "Medical device tampering"
},
{
"value": "App store"
},
{
"value": "Scareware"
},
{
"value": "Payment platform"
},
{
"value": "Man-in-the-middle"
},
{
"value": "Switch ttack"
},
{
"value": "Switch attack"
},
{
"value": "Browser hijacker"
},
{
"value": "Supply chain attack"
},
{
"value": "Powershell scripts"
},
{
"value": "Malicious iFrame injects"
},
{
"value": "Dumps grabber"
},
{
"value": "Exfiltration tool"
},
{
"value": "Code injection"
},
{
"value": "Mobile malware"
},
{
"value": "Zero-Day"
},
{
"value": "Multi-stage implant framework"
},
{
"value": "Second-stage"
},
{
"value": "IRC"
},
{
"value": "Administration"
},
{
"value": "XSS tool"
},
{
"value": "Tracking program"
},
{
"value": "HTTP loader"
},
{
"value": "Spyware"
},
{
"value": "Bitcoin stealer"
},
{
"value": "Phone bot"
},
{
"value": "Video editor"
},
{
"value": "URL shortening service"
},
{
"value": "Fraud"
},
{
"value": "Spreading mechanisms"
},
{
"value": "Android bot"
},
{
"value": "Disinformation"
},
{
"value": "Mineware"
},
{
"value": "CWE"
},
{
"value": "SCADA malware"
},
{
"value": "Crypter"
},
{
"value": "Phishing"
},
{
"value": "Template injection"
},
{
"value": "Credential stealer"
},
{
"value": "Crypto currency exchange and trading platform"
},
{
"value": "cryptocurrency mining malware"
},
{
"value": "Card shop"
},
{
"value": "Evasion"
},
{
"value": "Browser"
},
{
"value": "Wiper"
},
{
"value": "cryptocurrency cloud mining"
},
{
"value": "Distribution vector"
},
{
"value": "Postscript Abuse"
},
{
"value": "Bolware"
},
{
"value": "Software"
},
{
"value": "Proxy malware"
}
],
"version" : 1,
"description": "ttp type vocab as defined by Cert EU.",
"source": "Cert EU",
"author": ["Cert EU"],
"uuid": "55224678-b017-11e7-874d-971b517d8cba",
"type": "ttp-type-vocabulary"
}