chg: [interpol] add Abuses together with Entities

pull/964/head
Christophe Vandeplas 2024-04-23 11:20:22 +02:00
parent 35d9b7bb67
commit 285892c854
No known key found for this signature in database
GPG Key ID: BDC48619FFDC5A5B
4 changed files with 227 additions and 125 deletions


@ -211,13 +211,13 @@ Category: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_
[[HTML](https://www.misp-project.org/galaxy.html#_intelligence_agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)]
## INTERPOL DWVA Entity Taxonomy
## INTERPOL DWVA Taxonomy
[INTERPOL DWVA Entity Taxonomy](https://www.misp-project.org/galaxy.html#_interpol_dwva_entity_taxonomy) - This taxonomy defines entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
[INTERPOL DWVA Taxonomy](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
Category: *interpol-dwva-entities* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *88* elements
Category: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_interpol_dwva_entity_taxonomy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva-entities.json)]
[[HTML](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)]
## Malpedia
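Review bot: The two link lines change both the HTML anchor (`#_interpol_dwva_entity_taxonomy` to `#_interpol_dwva_taxonomy`) and the JSON path (`interpol-dwva-entities.json` to `interpol-dwva.json`), so links to the old anchor will break, and links to the old file will too if it is removed rather than kept; the commit message should mention the rename. The new description line also carries over "actors and service" and "a larger Darknet- and Cryptoasset Ecosystems" from the old text, which should read "actors and services" and "larger Darknet and Cryptoasset Ecosystems".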
@ -607,7 +607,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-project.org/galaxy.html#_threat_actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *668* elements
Category: *actor* - source: *MISP Project* - total: *671* elements
[[HTML](https://www.misp-project.org/galaxy.html#_threat_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
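Review bot: The Threat Actor total moving from 668 to 671 is unrelated to the INTERPOL change named in the commit subject and looks like a side effect of regenerating this file. Split it into its own commit, or say in the commit message that the README was regenerated, so the count change can be traced to the threat-actor additions behind it.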
@ -691,7 +691,6 @@ Category: *virus* - source: *https://www.culturecollections.org.uk* - total: *66
[[HTML](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)]
# Online documentation
The [misp-galaxy.org](https://misp-galaxy.org) website provides an easily navigable resource for all MISP galaxy clusters.


@ -2,18 +2,18 @@
"authors": [
"INTERPOL Darkweb and Virtual Assets Working Group"
],
"category": "dwva-entities",
"description": "This taxonomy defines entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
"name": "INTERPOL DWVA Entity Taxonomy",
"category": "dwva",
"description": "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
"name": "INTERPOL DWVA Taxonomy",
"source": "https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/",
"type": "dwva-entities",
"type": "dwva",
"uuid": "b15898ba-a923-4916-856c-0dfe8b174196",
"values": [
{
"description": "An application that does not rely on a central server but on several decentralized nodes. Each user can choose to be an active node serving the app. ",
"meta": {
"kill_chain": [
"concepts:Infrastructure"
"Entities:Infrastructure"
]
},
"uuid": "469a982f-c2fc-557e-9539-39641d9cb842",
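Review bot: The top-level `type` changes from `dwva-entities` to `dwva` while the cluster `uuid` is kept, so anything that references this cluster by type rather than by UUID (galaxy tags are built from the type and the value) will stop matching after the update; please confirm that is intended and note it for users. The `kill_chain` prefix also changes from `concepts:` to `Entities:` here and in every following hunk, so the matching galaxy definition needs the same `type` and a `kill_chain_order` key spelled exactly `Entities`, capital E included, in this same commit. The new `description` repeats "actors and service" and "a larger Darknet- and Cryptoasset Ecosystems", which should be corrected while the line is being rewritten.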
@ -23,7 +23,7 @@
"description": "A [hardware] cryptocurrency wallet is a device, physical medium, (...) which stores the private keys for cryptocurrency transactions. It will normally also contain the associated public keys.",
"meta": {
"kill_chain": [
"concepts:Wallet"
"Entities:Wallet"
]
},
"uuid": "6d62ceb4-d172-54da-9ae5-e766f58bf4d6",
@ -33,7 +33,7 @@
"description": "A decentralized distributed system that provides sharing contact information, so people downloading the same file can discover each other. Both Tor and I2P use DHT. Due to the distributed nature of the hidden services domain resolution, it is possible to deploy nodes in the DHT to monitor requests coming from a given domain.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "9d537e25-39d8-5cc3-b769-48ff900dfa70",
@ -43,7 +43,7 @@
"description": "Bitcoin is a network protocol based on blockchain, introduced by Nakamoto [11] which allows payments and coin transfers to be made among participating entities. No trusted",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "4a6cfe47-bfc3-574d-9d07-950bd045e305",
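Review bot: The `description` on this entry ends mid-sentence at "No trusted" and still carries a dangling citation marker "[11]". Since the entry is being touched, complete or trim the sentence and drop the marker so the text reads correctly wherever the cluster is displayed.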
@ -53,7 +53,7 @@
"description": "Counterfeit consumer goods are goods, often of inferior quality, made or sold under another's brand name without the brand owner's authorization.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "f95b3fad-a0d1-5141-8729-689189ca70a9",
@ -63,7 +63,7 @@
"description": "A shop owner is an actor within the group of Criminal Actors; operating a DW shop.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "80fc8f9c-26e8-5759-afde-26ac748193ea",
@ -73,7 +73,7 @@
"description": "An HD (Hierarchical Deterministic) Wallet is a tree of private/public keypairs starting from a master seed. This technology provides both account management and identity masking. A user only needs to keep the master seeds because she can generate following keypairs from the root key deterministically, and each public key that can be exposed is changed for each transaction. ",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "73b6cf78-ae88-5fd5-8514-99e59063f1aa",
@ -83,7 +83,7 @@
"description": "A non-fungible token (NFT) is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not interchangeable. NFTs can be used to represent items such as photos, videos, audio, and other types of digital files.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
],
"refs": [
"https://en.wikipedia.org/wiki/Non-fungible_token"
@ -96,7 +96,7 @@
"description": "A (hosting) service that guarantees the availability of hosted resources even when they are found to be malicious or illegal. ",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "f5c58c28-64ac-5cb4-aa01-6ff9e7eb0e7f",
@ -106,7 +106,7 @@
"description": "Wiki services, including directory services for other hidden services, hosted in the Dark Web.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "63b2dd59-bc5d-5673-95bd-efca71d87c98",
@ -116,7 +116,7 @@
"description": "In a Proof of Stake (PoS) network, users need to prove ownership of enough stakes to become validators. Ethereum (ETH) is moving from PoW to PoS. PoS offers several advantages over PoW: it is energy efficient, reduces hardware requirements and is less prone to centralisation ",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "ecf1ad91-1cf2-53dc-857e-f5f6b2b9223f",
@ -126,7 +126,7 @@
"description": "Multisig refers to all the transactions that require two or more signatures. Multisignature transactions and addresses are validated only when at least x of the possible y signatories have signed. x and y are defined at creation.",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "2487485a-cd53-5e1e-82a5-b69a9422e469",
@ -136,7 +136,7 @@
"description": "A cryptocurrency with a decentralized Blockchain that provides anonymity for its users and their transactions. It is similar to Bitcoin as an open-source, but their major differences are the increased level of privacy it provides. ",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "d34972ac-80c3-58ed-8c13-76a3f7ff2f3a",
@ -146,7 +146,7 @@
"description": "Buyers may \"finalize early\" (FE), releasing funds from escrow to the vendor prior to receiving their goods in order to expedite a transaction. This can be done when there is a trust relationship between vendor and buyer, however it does leave the buyer vulnerable to fraud if they choose to do so.",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "e699a6f3-2dc3-5df1-a3e5-bec7974fc985",
@ -156,7 +156,7 @@
"description": "CoinSwap is a protocol to make a transaction via a third party to obfuscate the money flow. For instance, when Alice would like to pay Bob, Carol offers to receive Alice's coin and pay Bob with an unconnected coin. While none of these parties trusts each other, this protocol does not allow Carol to rob Alice's coin.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "2605341c-b0d1-51db-89fa-8bf0a3d03941",
@ -166,7 +166,7 @@
"description": "Ripple is a real-time gross settlement system, currency exchange and remittance network created by Ripple Labs Inc., a US-based technology company. (...) The ledger employs the native cryptocurrency known as XRP.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "00c741af-99c2-5c44-84bd-c4b83975e747",
@ -176,7 +176,7 @@
"description": "Someone who is selling something.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
],
"refs": [
"https://dictionary.cambridge.org/dictionary/english/vendor"
@ -189,7 +189,7 @@
"description": "Initial Coin Offerings (ICO) are public offers of new cryptocurrencies in exchange of existing ones, aimed to finance projects in the blockchain development arena. The typical pattern is for a startup to produce a white paper that describes their business model and technical approach. The white paper includes details about the functions that the tokens issued during the ICO will perform and the process of token creation.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "51c1324f-a92e-5803-861a-473ed2c26b4a",
@ -199,7 +199,7 @@
"description": "Layer 2 is a collective term for solutions designed to help scale decentralised applications by handling transactions off the Ethereum mainnet (layer 1), while taking advantage of the robust decentralized security model of mainnet.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
],
"refs": [
"https://ethereum.org/en/developers/docs/scaling/layer-2-rollups"
@ -212,7 +212,7 @@
"description": "Virtual asset service provider means any natural or legal person who (...) as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i) exchange between virtual assets and fiat currencies; ii) exchange between one or more forms of virtual assets; iii) transfer of virtual assets; iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and v) participation in and provision of financial services related to an issuers offer and/or sale of a virtual asset.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "2e2f67bf-d5a0-544a-a5e4-7bb9da23fd0c",
@ -222,7 +222,7 @@
"description": "Same as exchange but in a completely distributed environment. There is no central hosting server and all nodes are servers.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "754d163f-01fc-551f-b501-c65591307d02",
@ -232,7 +232,7 @@
"description": "Refers to data that provides information about a certain item's content. For example, an image may include information that describes how large the picture is or when the image was created, while a text document may contain information about the author of the document, or the IP address of the document's author, and so on. ",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "bf02d987-1f4e-500f-af39-8d85cda7ffd1",
@ -242,7 +242,7 @@
"description": "An exit scam can be performed by a dark net martket or single vendor shop and is the process in which the one or more of the market admins prevents users withdrawing funds through the escrow system and then closes the market, exiting with all the bitcoins and other digital currencies they were holding in escrow.",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "d457fb70-6f79-5e0b-aad0-c947a6b61faf",
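Review bot: The `description` in this hunk has a typo, "dark net martket", and the phrase "in which the one or more of the market admins prevents" does not parse. Suggest "dark net market" and "in which one or more of the market admins prevent" while the entry is being edited.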
@ -252,7 +252,7 @@
"description": "A smart contract is a self-executing contract with the terms of the agreement between buyer and seller being directly written into lines of code. The code and the agreements contained therein exist across a distributed, decentralized blockchain network. The code controls the execution, and transactions are trackable and irreversible.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "ebf4b07b-e879-53c5-9b9e-862178742112",
@ -262,7 +262,7 @@
"description": "An actor that provides a service by making available and managing infrastructure or by executing a process",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "6e27d6e7-bb5f-5f8b-acff-2cb2a8e7ad02",
@ -272,7 +272,7 @@
"description": "An actor whose job it is to supervise the technical operation of a service",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "4040b338-591d-5863-8d5e-474294e603e4",
@ -282,7 +282,7 @@
"description": "A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "1666d707-c38a-5153-88fc-9ed6fdfeef75",
@ -292,7 +292,7 @@
"description": "Forum services hosted in the Dark Web.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "c50cbe2d-8c5d-556c-a3a0-1ee2edf8091c",
@ -302,7 +302,7 @@
"description": "A shop is a service where products from one actor (the shop owner) are traded.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "d6a68be7-82e7-5fd4-b653-27e8d15fb6dd",
@ -312,7 +312,7 @@
"description": "A digital account hosted by third party financial institution, known as Virtual Asset Service Provider(VASP), which allows the account-holder (the user) to store, send, and receive cryptocurrency.",
"meta": {
"kill_chain": [
"concepts:Wallet"
"Entities:Wallet"
],
"refs": [
"https://home.treasury.gov/system/files/136/2020-12-18-FAQs.pdf"
@ -325,7 +325,7 @@
"description": "A special-use top level domain name designating an anonymous onion service, which was formerly known as a \"hidden service\". It is referred to as that because of the “layered” approach to relays on the Tor Browser.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "229e9ab2-4c75-52af-aab8-e73d0fe8b493",
@ -335,7 +335,7 @@
"description": "Blockchain bridges enable interoperability between vastly different networks, such as Bitcoin and Ethereum, and between one parent blockchain and its sidechains.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
],
"refs": [
"https://blog.makerdao.com/what-are-blockchain-bridges-and-why-are-they-important-for-defi/"
@ -348,7 +348,7 @@
"description": "A wallet that is not hosted by a third-party financial system. It can be very difficult or impossible to determine who is accessing or in control of the use of cryptocurrencies in an unhosted wallet. Unhosted wallets allow for anonymity and concealment of illicit financial activity.",
"meta": {
"kill_chain": [
"concepts:Wallet"
"Entities:Wallet"
],
"refs": [
"https://home.treasury.gov/system/files/136/2020-12-18-FAQs.pdf"
@ -361,7 +361,7 @@
"description": "A vending tactic involving the vendor passing the buyers address on to another vendor to ship to, eliminating any need for the middleman (dropshipper) to handle anything illegal in person.",
"meta": {
"kill_chain": [
"concepts:Generic"
"Entities:Generic"
],
"refs": [
"DNM Bible Glossary"
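Review bot: The `refs` entry at the end of this hunk is a bare title, "DNM Bible Glossary", whereas the other `refs` values in this file are URLs; a consumer that renders refs as links will produce a dead link here, so either supply a URL or move the title into the description. Separately, the description calls this "a vending tactic", so `Entities:Process` (used for "finalize early") may fit better than `Entities:Generic`.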
@ -374,7 +374,7 @@
"description": "A sidechain is a side blockchain that is linked to another blockchain, referred to as the main chain, via a two-way peg.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
],
"refs": [
"https://coinmarketcap.com/alexandria/glossary/side-chain"
@ -387,7 +387,7 @@
"description": "A cryptocurrency loan executed trough a smart contract, with no collateral, that must be paid back in the same block. The purpose of a flash loan is to gain money through arbitrage (on different exchanges or different assets) without providing any collateral.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
],
"refs": [
"https://www.coindesk.com/what-is-a-flash-loan"
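Review bot: Typo in the `description` of this hunk: "executed trough a smart contract" should be "executed through a smart contract".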
@ -400,7 +400,7 @@
"description": "An escrow is a contractual arrangement in which a third party (the stakeholder or escrow agent) receives and disburses money or property for the primary transacting parties, with the disbursement dependent on conditions agreed to by the transacting parties.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "fc936928-f8be-5652-b13c-a0491158959a",
@ -410,7 +410,7 @@
"description": "Bitcoin blockchain is constructed and validated by computation. Miners work to validate the blockchain with their computation power, proving their work for a reward. The Bitcoin Blockchain is based on Proof-of-Work. ",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "f4377e3b-ed10-5291-b984-4225013cde1b",
@ -420,7 +420,7 @@
"description": "A method of scrambling or anonymizing the source of ones cryptocurrencies. ",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "7739c2a5-45f5-58b1-97af-59e65f69284c",
@ -430,7 +430,7 @@
"description": "An unspent transaction output of cryptocurrencies. This output is considered as an input to new transaction.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "ea28ccaa-9786-5871-bda1-add90914da3d",
@ -440,7 +440,7 @@
"description": "A crypto-asset (...) is a digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a ledger existing in a form of a computerized database using strong cryptography to secure transaction records, to control the creation of additional coins, and to verify the transfer of coin ownership.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "e9bf2ffe-9695-5c79-a88d-792fefbed39b",
@ -450,7 +450,7 @@
"description": "Bitcoin Cash is a cryptocurrency that is a fork of Bitcoin. Bitcoin Cash is a spin-off or altcoin that was created in 2017.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "ff848751-0764-5053-89af-e0feb4aeb482",
@ -460,7 +460,7 @@
"description": "Fiat money is a currency (a medium of exchange) established as money, often by government regulation. Fiat money does not have intrinsic value and does not have use value. It has value only because a government maintains its value, or because parties engaging in exchange agree on its value. ",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "5b639ba0-e080-548b-9950-6e6c6f4a1fbd",
@ -470,7 +470,7 @@
"description": "A Bitcoin ATM (Automated Teller Machine) is a kiosk that allows a person to purchase Bitcoin and other cryptocurrencies by using cash or debit card. Some types of ATM also allow users to sell their cryptocurrency, dispensing cash in payment. Depending on the provider, the ATM can require KYC verification.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "2bb19164-c3ff-503f-9971-400de7af7fee",
@ -480,7 +480,7 @@
"description": "Ethereum is a decentralized, open-source blockchain with smart contract functionality. Ether (ETH) is the native cryptocurrency of the platform. It is the second-largest cryptocurrency by market capitalization, after Bitcoin. Ethereum is the most actively used blockchain. ",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "2c0ef492-3bc0-510b-bd43-0802d9adf3f5",
@ -490,7 +490,7 @@
"description": "A process that lets you earn either fixed or variable interest by investing crypto in a DeFi market.",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
],
"refs": [
"https://decrypt.co/resources/what-is-yield-farming-beginners-guide"
@ -503,7 +503,7 @@
"description": "An “anonymous overlay network” using the garlic routing protocol that encrypts multiple messages together to make data traffic analysis difficult, while simultaneously increasing network traffic speed. Each encrypted message has its own specific delivery instruction, and each endpoint works as a cryptographic identifier or what we refer to as “keys.” Since I2P is entirely peer-to-peer in structure, there's no hard-coded trusted set of directory stores. Instead, the network directory of I2P is netDb, a distributed database that is replicated across the network.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "30b69477-70ff-51dc-b8f6-f29f03f5f0ac",
@ -513,7 +513,7 @@
"description": "Authority that defines (national) regulations",
"meta": {
"kill_chain": [
"concepts:Authorities"
"Entities:Authorities"
]
},
"uuid": "30e65bc1-97e7-588f-a717-cb47a52b6ec6",
@ -523,7 +523,7 @@
"description": "A collective name used to describe websites which require a special browser in order to access.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "46800c1a-cceb-555d-9a22-5ebaebf62625",
@ -533,7 +533,7 @@
"description": "A relay is a node in the Tor network. When a request to access a particular hidden service is made, the browser calculates the optimal route through a series of relays, exchanging cryptographic keys between nodes, to display the content without disclosing the IP address of the request originator. Each relay decrypts a layer of encryption to reveal the next relay in the circuit to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing or knowing the source IP address. ",
"meta": {
"kill_chain": [
"concepts:Infrastructure"
"Entities:Infrastructure"
]
},
"uuid": "c751ccc2-a365-51f1-97a1-1fec29b9726d",
@ -543,7 +543,7 @@
"description": "Bitcoin improvement proposals, these are the equivalent of RFCs. They define the protocols and structures of Bitcoin. They are developed and maintained at the Bitcoin Github.",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "acbb92c2-be9c-55db-a264-2eb3ec09e6ce",
@ -553,7 +553,7 @@
"description": "Smart Contracts on blockchains, DApps, mainly via the Ethereum technology and network. They are used to provide traditional financial services. The technology provides strong immunity against attackers and some level of anonymity and privacy. Transactions are confirmed relatively fast, but mostly lack KYC and AML compliance controls and offer limited to no user support and customer care. Current DeFi innovations include: Lending platforms; Prediction markets; Decentralised Exchange (DEXs); Staking and pooling platforms. ",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "a65902c5-b9d4-59ae-9b83-144923cea2bc",
@ -563,7 +563,7 @@
"description": "The end user of a service. Customer would be paying for the services (buying good, using a service, owning an asset...).",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "7a226797-891c-55f6-8f2e-0753c8c43fec",
@ -573,7 +573,7 @@
"description": "Litecoin (LTC or Ł) is a peer-to-peer cryptocurrency and open-source software project released under the MIT/X11 license. Litecoin was an early bitcoin spinoff or altcoin, starting in October 2011. In technical details, Litecoin is nearly identical to Bitcoin.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "6317fb5c-072e-5a80-845f-2577b18e4d89",
@ -583,7 +583,7 @@
"description": "Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "61bbe7e3-3ad2-5e44-bd76-91c5058e301a",
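Review bot: `Entities:Actor` sits oddly on this entry, because the description defines cyberterrorism as "the use of the Internet to conduct violent acts", which is an activity rather than an actor. With abuses now living in the same cluster per the commit subject, check whether this value belongs under the abuse side instead, or reword the description so that it describes the actor.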
@ -593,7 +593,7 @@
"description": "Tether is a controversial cryptocurrency with tokens issued by Tether Limited. It formerly falsely claimed that each token was backed by one United States dollar, but on 14 March 2019 changed the backing to include loans to affiliate companies.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "058eb937-cce7-5469-a5fa-9def1e7b3744",
@ -603,7 +603,7 @@
"description": "A bank is a financial institution that accepts deposits from the public and creates a demand deposit while simultaneously making loans.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "4ccf207f-40df-59ad-99d0-17fc7f9fd055",
@ -613,7 +613,7 @@
"description": "An open-source cryptocurrency created in April 2014 that focuses on fungibility, privacy and decentralization. Monero (XMR) uses an obfuscated public ledger, meaning anybody can broadcast or send transactions, but no outside observer can tell the source, amount or destination. ",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "d41ae632-4373-5915-b339-39ffe6ddff7d",
@ -623,7 +623,7 @@
"description": "BNB powers the Binance Ecosystem. As the native coin of Binance Chain, BNB has multiple use cases: fueling transactions on the Chain, paying for transaction fees on Binance Exchange, making in-store payments, and many more.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "45800897-766c-51fe-ad0a-c33bb56277ba",
@ -633,7 +633,7 @@
"description": "A type of anonymity network similar to Tor, based on the Invisible Internet Project protocol.",
"meta": {
"kill_chain": [
"concepts:Dark_Web"
"Entities:Dark_Web"
]
},
"uuid": "27636f7b-1ac6-5db7-b322-045ed04b2de5",
@ -643,7 +643,7 @@
"description": "A darknet market is a commercial website on the web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "dae3b4a9-7838-5761-9356-faa9c55f0d47",
@ -653,7 +653,7 @@
"description": "An abbreviation for Pretty Good Privacy, an encryption program popular for encrypting emails and files. Through the use of public and private keys, it allows users who have never met to send encrypted messages etc. to each other without exchanging private encryption keys.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "0db385a9-9cbd-5420-acef-472029b9cd0a",
@ -663,7 +663,7 @@
"description": "Notice and take down is a process operated by online hosts in response to court orders or allegations that content is illegal. Content is removed by the host following notice. ",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "a22efe40-4a32-59af-b219-216e8ced8dd5",
@ -673,7 +673,7 @@
"description": "Someone or something that has been hurt, damaged, or killed or has suffered, either because of the actions of someone or something else, or because of illness or chance.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
],
"refs": [
"https://dictionary.cambridge.org/dictionary/english/victim"
@ -686,7 +686,7 @@
"description": "Polkadot is a heterogeneous multi-chain interchange and translation architecture which enables customised side-chains to connect with public blockchains.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "6d36792e-836a-5c87-9f8c-a826169eb2c8",
@ -696,7 +696,7 @@
"description": "Login credentials for e-services that are provided by financial institutions with a bank license.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "d9620d2b-7f4a-5a04-aa8a-63935f1d3011",
@ -706,7 +706,7 @@
"description": "A money mule, sometimes called a \"smurfer,\" is a person who transfers money acquired illegally in person, through a courier service, or electronically, on behalf of others. Typically, the mule is paid for services with a small part of the money transferred. ",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "91c16626-6b05-50e2-a344-62e07abac344",
@ -716,7 +716,7 @@
"description": "A text-based chat service enabling users connected to a server to communicate with each other in real-time. ",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "14461a3c-b0f9-57b7-9aae-633988f910d4",
@ -726,7 +726,7 @@
"description": "A [software] cryptocurrency wallet is a (...) program or a service which stores the private keys for cryptocurrency transactions. It will normally also contain the associated public keys.",
"meta": {
"kill_chain": [
"concepts:Wallet"
"Entities:Wallet"
]
},
"uuid": "b2d781a1-97d1-503e-b7e1-d099fc348071",
@ -736,7 +736,7 @@
"description": "Cardano is a public blockchain platform. It is open source and decentralized, with consensus achieved using proof of stake. It can facilitate peer-to-peer transactions with its internal cryptocurrency Ada.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "f8b5c74e-6cdd-5bf0-9f11-c2419db6bab4",
@ -746,7 +746,7 @@
"description": "Dogecoin (code: DOGE, symbol: Ð) is a cryptocurrency created by software engineers Billy Markus and Jackson Palmer, who decided to create a payment system that is instant, fun, and free from traditional banking fees.",
"meta": {
"kill_chain": [
"concepts:Cryptocurrency"
"Entities:Cryptocurrency"
]
},
"uuid": "c93f371a-4d61-57fc-a3ef-e296eb5ddc4e",
@ -756,7 +756,7 @@
"description": "Trading platform (commonly referred to as an “Exchange”) is the term within this paper used to describe any venue which facilitates the exchange of tokens for any form of money or asset. Trading platforms provide services to buy and sell tokens and/or for exchange of national (fiat) currencies backed by central banks.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "470b9309-79e3-545e-bc6a-df45df7e43af",
@ -766,7 +766,7 @@
"description": "Blockchain is a distributed technology built under peer-to-peer network principles and cryptographic primitives, such as asymmetric encryption and digital signature. It allows trust-less users to exchange information and record transactions without external interference and coordination.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "3fc478f2-b949-5b25-aecd-c7263e0f453d",
@ -776,7 +776,7 @@
"description": "Messaging services hosted or accessible via privacy enhanced networks.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "58868c19-cee0-5f5c-b8fa-2db0e7be4277",
@ -786,7 +786,7 @@
"description": "A credential is a piece of any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "211d1030-727f-50e6-ae6e-05dd76bc72bd",
@ -796,7 +796,7 @@
"description": "A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors funds",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
],
"refs": [
"https://coinmarketcap.com/alexandria/glossary/rug-pull"
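Review bot: The kill_chain value in this hunk files Rug Pull under "Entities:Process", although its description calls it "a malicious maneuver" and this commit introduces an Abuses scope for that kind of entry. The generator takes the scope from whichever YAML file an item lives in, so check whether the upstream taxonomy should list this item in abuses.yaml; if the placement is intentional, a short remark in the commit message would save the next reader the question.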
@ -809,7 +809,7 @@
"description": "A person who manages the discussion contributions in an online forum.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "e9b5e147-ae3f-52fa-a927-e0fd45af269c",
@ -819,7 +819,7 @@
"description": "A network of routers that adds encryption to conceal a web users location and usage so that these are resistant to surveillance and hence are truly anonymous. The domain names of these hidden sites all end in .onion and they are only accessible by using a Tor browser. Tor stands for The Onion Router. ",
"meta": {
"kill_chain": [
"concepts:Dark_Web"
"Entities:Dark_Web"
]
},
"uuid": "01d8b306-9f3c-58f3-a262-3666ef5422a6",
@ -829,7 +829,7 @@
"description": "One of the newest Darknets, becoming increasingly popular. It is a combination of trackerless Bittorrent and a Blockchain for persistent site and user identity. ZeroNet optionally uses the Tor network as a virtual private network. As a full mesh network, all clients are also servers. By browsing to a “zite” as they are known in ZeroNet lingo, the machine used automatically becomes one of the servers for this zite also. ",
"meta": {
"kill_chain": [
"concepts:Dark_Web"
"Entities:Dark_Web"
]
},
"uuid": "2aef7bc3-7dec-55e7-8efb-09f2c2d4b998",
@ -839,7 +839,7 @@
"description": "The dead drop is a delivery model used by some vendors to distribute their products. A vendor uses a dropman to hide consignments of pre-packaged drug deals in a number of suitably discreet offline locations. When a buyer makes a purchase from the vendor the geo-coordinates are provided to them for them to collect their order.",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "06d58504-8603-57cf-9684-fd170aec3e19",
@ -849,7 +849,7 @@
"description": "Coinjoin is a method of mixing cryptocurrency tokens or coins, where two or more user transactions are combined into a single transaction on the blockchain, with multiple inputs and outputs. The concept behind that methodology is to obfuscate the link between an input and an output that would otherwise be apparent in a standard, single-user transaction. The coinjoin methodology is open-source and integrated into some software wallets, and is also available for use via a hosted online service.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "3b0afb33-efce-56e5-9d17-9c4e29c24194",
@ -859,7 +859,7 @@
"description": "A pastebin or text storage site is a type of online content hosting service where users can store plain text, e.g. to source code snippets for code review via Internet Relay Chat (IRC).",
"meta": {
"kill_chain": [
"concepts:Service"
"Entities:Service"
]
},
"uuid": "1d370886-ae76-561b-bfda-00d7276a2672",
@ -869,7 +869,7 @@
"description": "The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search-engines.",
"meta": {
"kill_chain": [
"concepts:Infrastructure"
"Entities:Infrastructure"
]
},
"uuid": "1671f327-3e58-5f64-94fe-acf0860effbe",
@ -879,7 +879,7 @@
"description": "(User of) Decentralized virtual currency that employs cryptography to accomplish tamper-resistance.",
"meta": {
"kill_chain": [
"concepts:Actor"
"Entities:Actor"
]
},
"uuid": "980a0996-5c70-5de2-9698-e5057015702d",
@ -889,7 +889,7 @@
"description": "An attack to a DeFi protocol that exploits vulnerabilities in the flash loan system",
"meta": {
"kill_chain": [
"concepts:Process"
"Entities:Process"
]
},
"uuid": "9f510016-a418-563f-9ffc-0a8fb1393d07",
@ -899,7 +899,7 @@
"description": "Privacy coins are a class of cryptocurrencies that power private and anonymous blockchain transactions by obscuring their origin and destination. Some of the techniques used include hiding a users real wallet balance and address, and mixing multiple transactions with each other to elude chain analysis.",
"meta": {
"kill_chain": [
"concepts:Asset"
"Entities:Asset"
]
},
"uuid": "96ccc6d4-fce6-5d4e-bfdc-4888a5af9aaa",
@ -909,7 +909,7 @@
"description": "The exchange or sharing of information, data, or assets between parties without the involvement of a central authority. Peer-to-peer, or P2P, takes a decentralized approach to interactions between individuals and groups. This approach has been used in computers and networking (peer-to-peer file sharing), as well as with virtual assets trading.",
"meta": {
"kill_chain": [
"concepts:Technology"
"Entities:Technology"
]
},
"uuid": "acf94ffc-7cfe-5f59-84a4-63c07b283e3c",
@ -919,11 +919,86 @@
"description": "A virtual service that changes users IP addresses when using the Internet. ",
"meta": {
"kill_chain": [
"concepts:Infrastructure"
"Entities:Infrastructure"
]
},
"uuid": "70d38f80-be9b-54aa-8918-3450db195147",
"value": "Proxy"
},
{
"description": "Scam denotes a fraudulent or deceptive act or operation.\n",
"meta": {
"kill_chain": [
"Abuses:Concept"
],
"refs": [
"https://www.merriam-webster.com/dictionary/scam"
]
},
"uuid": "f29c9e38-b210-5e57-9c04-c9e24936b72e",
"value": "Scam"
},
{
"description": "Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.\n",
"meta": {
"kill_chain": [
"Abuses:Concept"
],
"refs": [
"https://en.wikipedia.org/wiki/Sextortion"
]
},
"uuid": "c47c83c2-bd3f-5168-af5a-4ecb29a8def4",
"value": "Sextortion"
},
{
"description": "Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.\n",
"meta": {
"kill_chain": [
"Abuses:Concept"
],
"refs": [
"https://en.wikipedia.org/wiki/Phishing"
]
},
"uuid": "d2206519-0e80-5794-8d4f-7c5ae4321da9",
"value": "Phishing"
},
{
"description": "A service hack denotes the digital intrusion into a service with the goal to steal funds.\n",
"meta": {
"kill_chain": [
"Abuses:Concept"
]
},
"uuid": "6ee22586-865d-5aa9-8b5a-7c667fd8f236",
"value": "Service Hack"
},
{
"description": "Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. \n",
"meta": {
"kill_chain": [
"Abuses:Concept"
],
"refs": [
"https://en.wikipedia.org/wiki/Ransomware"
]
},
"uuid": "cf8e3755-4918-581f-b4cb-542b916cb2db",
"value": "Ransomware"
},
{
"description": "A Ponzi scheme is a form of fraud that lures investors and pays profits to earlier investors with funds from more recent investors\n",
"meta": {
"kill_chain": [
"Abuses:Concept"
],
"refs": [
"https://en.wikipedia.org/wiki/Ponzi_scheme"
]
},
"uuid": "8a79fc5f-1639-564c-8c09-8dc0dc1abb9b",
"value": "Ponzi Scheme"
}
],
"version": 1
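Review bot: Every description added in this hunk ends in a literal "\n" (the Ransomware one in " \n"), presumably carried over unchanged from the YAML source, and that trailing whitespace ends up in the published cluster text; strip it in the generator, for example 'description': item['description'].strip(), and regenerate. The trailing context line also still reads "version": 1 although six values were added and every kill_chain string was renamed, so bump the cluster version so that consumers comparing versions see the change.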

View File

@ -1,8 +1,11 @@
{
"description": "This taxonomy defines entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
"description": "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
"icon": "user-secret",
"kill_chain_order": {
"concepts": [
"Abuses": [
"Concept"
],
"Entities": [
"Actor",
"Asset",
"Authorities",
@ -16,9 +19,9 @@
"Wallet"
]
},
"name": "INTERPOL DWVA Entity Taxonomy",
"name": "INTERPOL DWVA Taxonomy",
"namespace": "interpol",
"type": "dwva-entities",
"type": "dwva",
"uuid": "a375d7fd-0a3e-41cf-a531-ef56033df967",
"version": 1
}
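Review bot: "type" changes from "dwva-entities" to "dwva" in this hunk while "uuid" and "version": 1 stay as they were, so the galaxy keeps its identity but anything that refers to it by the old type string stops matching. State the rename in the commit message, bump "version", and confirm the cluster file's "type" and "category" carry the same new value so the two files stay paired.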

View File

@ -41,38 +41,36 @@ contains _data folder with
- entities.yaml - matrix like taxonomy
'''
with open(os.path.join(args.path, '_data', 'entities.yaml'), 'r') as f:
entities_data = yaml.safe_load(f)
try:
with open(os.path.join('..', 'galaxies', 'interpol-entities.json'), 'r') as f:
with open(os.path.join('..', 'galaxies', 'interpol-dwva.json'), 'r') as f:
json_galaxy = json.load(f)
except FileNotFoundError:
json_galaxy = {
'icon': "user-secret",
'kill_chain_order': {
'concepts': []
'Entities': [],
'Abuses': ['Concept']
},
'name': "INTERPOL DWVA Entity Taxonomy",
'description': "This taxonomy defines entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'name': "INTERPOL DWVA Taxonomy",
'description': "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'namespace': "interpol",
'type': "dwva-entities",
'type': "dwva",
'uuid': "a375d7fd-0a3e-41cf-a531-ef56033df967",
'version': 1
}
try:
with open(os.path.join('..', 'clusters', 'interpol-entities.json'), 'r') as f:
with open(os.path.join('..', 'clusters', 'interpol-dwva.json'), 'r') as f:
json_cluster = json.load(f)
except FileNotFoundError:
json_cluster = {
'authors': ["INTERPOL Darkweb and Virtual Assets Working Group"],
'category': 'dwva-entities',
'name': "INTERPOL DWVA Entity Taxonomy",
'description': "This taxonomy defines entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'category': 'dwva',
'name': "INTERPOL DWVA Taxonomy",
'description': "This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.",
'source': 'https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/',
'type': "dwva-entities",
'type': "dwva",
'uuid': "b15898ba-a923-4916-856c-0dfe8b174196",
'values': [],
'version': 1
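Review bot: The new name, description, type and the 'Abuses': ['Concept'] entry live only in the two except FileNotFoundError branches, so they take effect only while interpol-dwva.json does not exist yet; on every later run the values come from the file on disk and these literals are never used. Load the file if present, then assign the metadata fields unconditionally, and set kill_chain_order['Abuses'] next to the later ['Entities'] assignment, so a change made here always reaches the output. The description string is also repeated verbatim in both dicts; a single module-level constant would keep them in sync.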
@ -83,6 +81,12 @@ tactics = set()
clusters_dict = {}
# FIXME create dict for the existing clusters, so we can update the clusters without losing the relations
#
# Entities
#
with open(os.path.join(args.path, '_data', 'entities.yaml'), 'r') as f:
entities_data = yaml.safe_load(f)
# build a broader concept list so we can ignore them later on
broaders = set()
for section in entities_data:
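Review bot: The open() call for entities.yaml added in this hunk passes no encoding, so the file is decoded with the platform default, while the descriptions contain non-ASCII characters (the Dogecoin entry has "Ð", others use curly quotes) and the output is written with ensure_ascii=False. Pass encoding='utf-8' here and on the other open() calls in the script so the generated JSON does not depend on the locale of whoever runs the generator.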
@ -90,16 +94,12 @@ for section in entities_data:
broaders.add(entities_data[section]['broader'])
except KeyError:
pass
print(broaders)
# the Entities
for section in entities_data:
item = entities_data[section]
if item['type'] == 'concept':
if item['id'] in broaders: # skip the broader concepts
print(f"Skipping {item['id']}")
continue
print(f"Processing {item['id']}")
if 'broader' not in item:
item['broader'] = 'generic'
tactics.add(item['broader'].title())
@ -109,7 +109,7 @@ for section in entities_data:
'description': item['description'],
'uuid': str(uuid.uuid5(uuid.UUID("d0ceebc2-877b-4873-9785-d00f279ccb45"), value)),
'meta': {
'kill_chain': [f"concepts:{item['broader'].title()}"],
'kill_chain': [f"Entities:{item['broader'].title()}"],
}
}
try:
@ -117,21 +117,46 @@ for section in entities_data:
except KeyError:
pass
# transform dict to list
#
# Abuses
#
with open(os.path.join(args.path, '_data', 'abuses.yaml'), 'r') as f:
entities_data = yaml.safe_load(f)
for section in entities_data:
item = entities_data[section]
if item['type'] == 'concept':
value = item['prefLabel']
clusters_dict[value] = {
'value': value,
'description': item['description'],
'uuid': str(uuid.uuid5(uuid.UUID("d0ceebc2-877b-4873-9785-d00f279ccb45"), value)),
'meta': {
'kill_chain': [f"Abuses:Concept"],
}
}
try:
clusters_dict[value]['meta']['refs'] = [item['seeAlso']]
except KeyError:
pass
#
# Finally transform dict to list
#
clusters = []
for item in clusters_dict.values():
clusters.append(item)
json_cluster['values'] = clusters
json_galaxy['kill_chain_order']['concepts'] = sorted(list(tactics))
json_galaxy['kill_chain_order']['Entities'] = sorted(list(tactics))
# save the Galaxy and Cluster file
with open(os.path.join('..', 'galaxies', 'interpol-dwva-entities.json'), 'w') as f:
with open(os.path.join('..', 'galaxies', 'interpol-dwva.json'), 'w') as f:
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', 'interpol-dwva-entities.json'), 'w') as f:
with open(os.path.join('..', 'clusters', 'interpol-dwva.json'), 'w') as f:
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
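Review bot: The Abuses loop writes into the same clusters_dict, keyed by prefLabel, and derives the UUID from the same namespace and value as the Entities entries, so an abuse whose label equals an entity label silently replaces that entity and reuses its UUID. Check for an existing key before assigning and fail loudly so a collision is caught at generation time. Smaller points in the same block: the YAML is loaded into entities_data again, which reads as if it still held entities (abuses_data would be clearer), and f"Abuses:Concept" has no placeholder, so the f prefix can go.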