diff --git a/clusters/android.json b/clusters/android.json
index cf3d24c..22d4903 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -2,11 +2,11 @@
 "authors": [
 "Unknown"
 ],
+ "category": "tool",
 "description": "Android malware galaxy based on multiple open sources.",
 "name": "Android",
 "source": "Open Sources",
 "type": "android",
- "category": "tool",
 "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
 "values": [
 {
diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index 9ec8af7..8518a70 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -2,11 +2,11 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of backdoor malware.",
 "name": "Backdoor",
 "source": "Open Sources",
 "type": "backdoor",
- "category": "tool",
 "uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
 "values": [
 {
diff --git a/clusters/banker.json b/clusters/banker.json
index d179bfe..06dc418 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -3,11 +3,11 @@
 "Unknown",
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of banker malware.",
 "name": "Banker",
 "source": "Open Sources",
 "type": "banker",
- "category": "tool",
 "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
 "values": [
 {
diff --git a/clusters/botnet.json b/clusters/botnet.json
index bef45cf..c3ad3ad 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -2,11 +2,11 @@
 "authors": [
 "Various"
 ],
+ "category": "tool",
 "description": "botnet galaxy",
 "name": "Botnet",
 "source": "MISP Project",
 "type": "botnet",
- "category": "tool",
 "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
 "values": [
 {
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 948e801..3061344 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -4,11 +4,11 @@
 "Will Metcalf",
 "KahuSecurity"
 ],
+ "category": "tool",
 "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
 "name": "Exploit-Kit",
 "source": "MISP Project",
 "type": "exploit-kit",
- "category": "tool",
 "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 118944b..d5fda06 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -5,11 +5,11 @@
 "Andrea Garavaglia",
 "Davide Arcuri"
 ],
+ "category": "tool",
 "description": "Malware galaxy cluster based on Malpedia.",
 "name": "Malpedia",
 "source": "Malpedia",
 "type": "malpedia",
- "category": "tool",
 "uuid": "5fc98d08-90a4-498a-ad2e-0edf50ef374e",
 "values": [
 {
diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index d4f1d1f..8538392 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -2,11 +2,11 @@
 "authors": [
 "Various"
 ],
+ "category": "actor",
 "description": "Activity groups as described by Microsoft",
 "name": "Microsoft Activity Group actor",
 "source": "MISP Project",
 "type": "microsoft-activity-group",
- "category": "actor",
 "uuid": "28b5e55d-acba-4748-a79d-0afa3512689a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json
index a5b24f0..5c206c3 100644
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Enterprise Attack -intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-intrusion-set",
- "category": "actor",
 "uuid": "01f18402-1708-11e8-ac1c-1ffb3c4a7775",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json
index f79c6b0..1158410 100644
--- a/clusters/mitre-enterprise-attack-malware.json
+++ b/clusters/mitre-enterprise-attack-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-malware",
- "category": "tool",
 "uuid": "fbd79f02-1707-11e8-b1c7-87406102276a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json
index 3cc3e2c..7ae49b3 100644
--- a/clusters/mitre-enterprise-attack-tool.json
+++ b/clusters/mitre-enterprise-attack-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-tool",
- "category": "tool",
 "uuid": "fc1ea6e0-1707-11e8-ac05-2b70d00c354e",
 "values": [
 {
diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json
index a768440..90c558a 100644
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-intrusion-set",
- "category": "actor",
 "uuid": "10df003c-7831-11e7-bdb9-971cdd1218df",
 "values": [
 {
diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json
index 10f1bac..71863f4 100644
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-malware",
- "category": "tool",
 "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json
index 5a2dee4..4f52b18 100644
--- a/clusters/mitre-mobile-attack-intrusion-set.json
+++ b/clusters/mitre-mobile-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Mobile Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-intrusion-set",
- "category": "actor",
 "uuid": "02ab4018-1708-11e8-8f9d-e735aabdfa53",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json
index 5b3637d..d78f394 100644
--- a/clusters/mitre-mobile-attack-malware.json
+++ b/clusters/mitre-mobile-attack-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-malware",
- "category": "tool",
 "uuid": "04a165aa-1708-11e8-b2da-c7d7625f4a4f",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json
index 6ba33c6..6805907 100644
--- a/clusters/mitre-mobile-attack-tool.json
+++ b/clusters/mitre-mobile-attack-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-tool",
- "category": "tool",
 "uuid": "02cee87e-1708-11e8-8f15-8b33e4d6194b",
 "values": [
 {
diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json
index 897c4bf..94ed408 100644
--- a/clusters/mitre-pre-attack-intrusion-set.json
+++ b/clusters/mitre-pre-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Pre Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-pre-attack-intrusion-set",
- "category": "actor",
 "uuid": "1fdc8fa2-1708-11e8-99a3-67b4efc13c4f",
 "values": [
 {
diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json
index 4213cbf..f428d0d 100644
--- a/clusters/mitre-tool.json
+++ b/clusters/mitre-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-tool",
- "category": "tool",
 "uuid": "d700dc5c-78f6-11e7-a476-5f748c8e4fe0",
 "values": [
 {
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1ffab00..a44901d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3,11 +3,11 @@
 "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
 "http://pastebin.com/raw/GHgpWjar"
 ],
+ "category": "tool",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
 "name": "Ransomware",
 "source": "Various",
 "type": "ransomware",
- "category": "tool",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "values": [
 {
diff --git a/clusters/rat.json b/clusters/rat.json
index 8848fe1..1612b6e 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3,11 +3,11 @@
 "Various",
 "raw-data"
 ],
+ "category": "tool",
 "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
 "name": "RAT",
 "source": "MISP Project",
 "type": "rat",
- "category": "tool",
 "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
 "values": [
 {
diff --git a/clusters/stealer.json b/clusters/stealer.json
index 95f7394..c54d6c9 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -2,11 +2,11 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of malware stealer.",
 "name": "Stealer",
 "source": "Open Sources",
 "type": "stealer",
- "category": "tool",
 "uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
 "values": [
 {
diff --git a/clusters/tds.json b/clusters/tds.json
index 57f60b8..5865325 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -2,11 +2,11 @@
 "authors": [
 "Kafeine"
 ],
+ "category": "tool",
 "description": "TDS is a list of Traffic Direction System used by adversaries",
 "name": "TDS",
 "source": "MISP Project",
 "type": "tds",
- "category": "tool",
 "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 56f3069..d53e757 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6,11 +6,11 @@
 "Timo Steffens",
 "Various"
 ],
+ "category": "actor",
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "name": "Threat actor",
 "source": "MISP Project",
 "type": "threat-actor",
- "category": "actor",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
 "values": [
 {
diff --git a/clusters/tool.json b/clusters/tool.json
index 15f20f6..3527545 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7,11 +7,11 @@
 "Dennis Rand",
 "raw-data"
 ],
+ "category": "tool",
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "name": "Tool",
 "source": "MISP Project",
 "type": "tool",
- "category": "tool",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "values": [
 {
diff --git a/schema_clusters.json b/schema_clusters.json
index 36f22c3..4cf095b 100644
--- a/schema_clusters.json
+++ b/schema_clusters.json
@@ -25,7 +25,7 @@
 },
 "category": {
 "type": "string"
- },
+ },
 "values": {
 "type": "array",
 "uniqueItems": true,