Merge pull request #288 from cvandeplas/master

categorization of galaxies
2018-10-19 10:44:54 +02:00 · 2018-10-19 10:44:54 +02:00 · f7eb48b0fb
parent 0ecf34f06e 9dddc4427c
commit f7eb48b0fb
24 changed files with 26 additions and 0 deletions
--- a/clusters/android.json
+++ b/clusters/android.json
@ -2,6 +2,7 @@
  "authors": [
    "Unknown"
  ],
+  "category": "tool",
  "description": "Android malware galaxy based on multiple open sources.",
  "name": "Android",
  "source": "Open Sources",
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@ -2,6 +2,7 @@
  "authors": [
    "raw-data"
  ],
+  "category": "tool",
  "description": "A list of backdoor malware.",
  "name": "Backdoor",
  "source": "Open Sources",
--- a/clusters/banker.json
+++ b/clusters/banker.json
@ -3,6 +3,7 @@
    "Unknown",
    "raw-data"
  ],
+  "category": "tool",
  "description": "A list of banker malware.",
  "name": "Banker",
  "source": "Open Sources",
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@ -2,6 +2,7 @@
  "authors": [
    "Various"
  ],
+  "category": "tool",
  "description": "botnet galaxy",
  "name": "Botnet",
  "source": "MISP Project",
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -4,6 +4,7 @@
    "Will Metcalf",
    "KahuSecurity"
  ],
+  "category": "tool",
  "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
  "name": "Exploit-Kit",
  "source": "MISP Project",
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@ -5,6 +5,7 @@
    "Andrea Garavaglia",
    "Davide Arcuri"
  ],
+  "category": "tool",
  "description": "Malware galaxy cluster based on Malpedia.",
  "name": "Malpedia",
  "source": "Malpedia",
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@ -2,6 +2,7 @@
  "authors": [
    "Various"
  ],
+  "category": "actor",
  "description": "Activity groups as described by Microsoft",
  "name": "Microsoft Activity Group actor",
  "source": "MISP Project",
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "actor",
  "description": "Name of ATT&CK Group",
  "name": "Enterprise Attack -intrusion Set",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-enterprise-attack-malware.json
+++ b/clusters/mitre-enterprise-attack-malware.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Enterprise Attack - Malware",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-enterprise-attack-tool.json
+++ b/clusters/mitre-enterprise-attack-tool.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Enterprise Attack - Tool",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "actor",
  "description": "Name of ATT&CK Group",
  "name": "intrusion Set",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Malware",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-mobile-attack-intrusion-set.json
+++ b/clusters/mitre-mobile-attack-intrusion-set.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "actor",
  "description": "Name of ATT&CK Group",
  "name": "Mobile Attack - intrusion Set",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-mobile-attack-malware.json
+++ b/clusters/mitre-mobile-attack-malware.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Mobile Attack - Malware",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-mobile-attack-tool.json
+++ b/clusters/mitre-mobile-attack-tool.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Mobile Attack - Tool",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-pre-attack-intrusion-set.json
+++ b/clusters/mitre-pre-attack-intrusion-set.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "actor",
  "description": "Name of ATT&CK Group",
  "name": "Pre Attack - intrusion Set",
  "source": "https://github.com/mitre/cti",
--- a/clusters/mitre-tool.json
+++ b/clusters/mitre-tool.json
@ -2,6 +2,7 @@
  "authors": [
    "MITRE"
  ],
+  "category": "tool",
  "description": "Name of ATT&CK software",
  "name": "Tool",
  "source": "https://github.com/mitre/cti",
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -3,6 +3,7 @@
    "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
    "http://pastebin.com/raw/GHgpWjar"
  ],
+  "category": "tool",
  "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
  "name": "Ransomware",
  "source": "Various",
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -3,6 +3,7 @@
    "Various",
    "raw-data"
  ],
+  "category": "tool",
  "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
  "name": "RAT",
  "source": "MISP Project",
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@ -2,6 +2,7 @@
  "authors": [
    "raw-data"
  ],
+  "category": "tool",
  "description": "A list of malware stealer.",
  "name": "Stealer",
  "source": "Open Sources",
--- a/clusters/tds.json
+++ b/clusters/tds.json
@ -2,6 +2,7 @@
  "authors": [
    "Kafeine"
  ],
+  "category": "tool",
  "description": "TDS is a list of Traffic Direction System used by adversaries",
  "name": "TDS",
  "source": "MISP Project",
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -6,6 +6,7 @@
    "Timo Steffens",
    "Various"
  ],
+  "category": "actor",
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "name": "Threat actor",
  "source": "MISP Project",
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -7,6 +7,7 @@
    "Dennis Rand",
    "raw-data"
  ],
+  "category": "tool",
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "name": "Tool",
  "source": "MISP Project",
--- a/schema_clusters.json
+++ b/schema_clusters.json
@ -23,6 +23,9 @@
    "source": {
      "type": "string"
    },
+    "category": {
+      "type": "string"
+    },
    "values": {
      "type": "array",
      "uniqueItems": true,