{
  "values": [
    {
      "description": "Cover vulnerabilities exploit (0day, 1day, nday), exploit kit",
      "value": "Exploits"
    },
    {
      "description": "Deep-Dark Web forum, marketplace, hosting, etc",
      "value": "Infrastructure"
    },
    {
      "description": "Malware family",
      "value": "Malware"
    },
    {
      "description": "Legitimate SW or HW repurposed for malicious use",
      "value": "Tools"
    },
    {
      "description": "Does not belong to any of the other category",
      "value": "Other"
    },
    {
      "description": "Undetermined category",
      "value": "Unknown"
    },
    {
      "description": "Specific attack patterns (specific to a technology, to an author, not widely used, etc)",
      "value": "Attack Patterns (S)"
    },
    {
      "description": "Generic attack pattern, mehod, technique",
      "value": "Attack Patterns (G)"
    },
    {
      "description": "Non-technical description of threat actor activities (information war, destruction, hybrid, etc)",
      "value": "Tactic"
    },
    {
      "description": "Asset being targeted (MacOS, Android, ICS, IoT, Cryptocurrency, ect)",
      "value": "Targeting"
    }
  ],
  "version" : 2,
  "description": "ttp category vocab as defined by Cert EU.",
  "source": "Cert EU",
  "author": ["Cert EU"],
  "uuid": "54e405b6-b017-11e7-b2f7-df581d1a8587",
  "type": "ttp-category-vocabulary"
}