misp-taxonomies/common-taxonomy/machinetag.json

214 lines
9.7 KiB
JSON
Raw Permalink Normal View History

{
"values": [
{
"entry": [
{
"description": "Malware detected in a system.",
"expanded": "Infection",
"value": "infection"
},
{
"description": "Malware attached to a message or email message containing link to malicious URL or IP.",
"expanded": "Distribution",
"value": "distribution"
},
{
"description": "System used as a command-and-control point by a botnet. Also included in this field are systems serving as a point for gathering information stolen by botnets.",
"expanded": "Command & Control (C&C)",
"value": "command-and-control"
},
{
"description": "System attempting to gain access to a port normally linked to a specific type of malware / System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&C or a distribution page for components linked to a specific botnet.",
"expanded": "Malicious connection",
"value": "malicious-connection"
}
],
"predicate": "malware"
},
{
"entry": [
{
"description": "Single source using specially designed software to affect the normal functioning of a specific service, by exploiting vulnerability / Mass mailing of requests (network packets, emails, etc.) from one single source to a specific service, aimed at affecting its normal functioning.",
"expanded": "Denial of Service (DoS) / Distributed Denial of Service (DDoS)",
"value": "dos-ddos"
},
{
"description": "Logical and physical activities which although they are not aimed at causing damage to information or at preventing its transmission among systems have this effect.",
"expanded": "Sabotage",
"value": "sabotage"
}
],
"predicate": "availability"
},
{
"entry": [
{
"description": "Single system scan searching for open ports or services using these ports for responding / Scanning a network aimed at identifying systems which are active in the same network / Transfer of a specific DNS zone.",
"expanded": "Scanning",
"value": "scanning"
},
{
"description": "Logical or physical interception of communications.",
"expanded": "Sniffing",
"value": "sniffing"
},
{
"description": "Mass emailing aimed at collecting data for phishing purposes with regard to the victims / Hosting web sites for phishing purposes.",
"expanded": "Phishing",
"value": "phishing"
}
],
"predicate": "information-gathering"
},
{
"entry": [
{
"description": "Unsuccessful use of a tool exploiting a specific vulnerability of the system / Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique / Unsuccessful attempts to perform attacks by using cross-site scripting techniques / Unsuccessful attempt to include files in the system under attack by using file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.",
"expanded": "Exploitation of vulnerability attempt",
"value": "vulnerability-exploitation-attempt"
},
{
"description": "Unsuccessful login by using sequential credentials for gaining access to the system / Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys / Unsuccessful login by using system access credentials previously loaded into a dictionary.",
"expanded": "Login attempt",
"value": "login-attempt"
}
],
"predicate": "intrusion-attempt"
},
{
"entry": [
{
"description": "Unauthorised use of a tool exploiting a specific vulnerability of the system / Unauthorised manipulation or reading of information contained in a database by using the SQL injection technique / Attack performed with the use of cross-site scripting techniques / Unauthorised inclusion of files into a system under attack with the use of file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.",
"expanded": "(Successful) Exploitation of vulnerability",
"value": "vulnerability-exploitation"
},
{
"description": "Unauthorised access to a system or component by using stolen access credentials.",
"expanded": "Compromising an account",
"value": "account-compromise"
}
],
"predicate": "intrusion"
},
{
"entry": [
{
"description": "Unauthorised access to a system or component / Unauthorised access to a set of information / Unauthorised access to and sharing of a specific set of information.",
"expanded": "Unauthorised access",
"value": "unauthorised-access"
},
{
"description": "Unauthorised changes to a specific set of information / Unauthorised deleting of a specific set of information.",
"expanded": "Unauthorised modification / deletion",
"value": "unauthorised-modification-or-deletion"
}
],
"predicate": "information-security"
},
{
"entry": [
{
"description": "Use of institutional resources for purposes other than those intended.",
"expanded": "Misuse or unauthorised use of resources",
"value": "resources-misuse"
},
{
"description": "Unauthorised use of the name of an institution.",
"expanded": "False representation",
"value": "false-representation"
}
],
"predicate": "fraud"
},
{
"entry": [
{
"description": "Sending an unusually large quantity of email messages / Unsolicited or unwanted email message sent to the recipient.",
"expanded": "SPAM",
"value": "spam"
},
{
"description": "Unauthorised distribution or sharing of content protected by Copyright and related rights.",
"expanded": "Copyright",
"value": "copyright"
},
{
"description": "Distribution or sharing of illegal content such as child sexual exploitation material, racism, xenophobia, etc.",
"expanded": "Child Sexual Exploitation, racism or incitement to violence",
"value": "cse-racism-violence-incitement"
}
],
"predicate": "abusive-content"
},
{
"entry": [
{
"description": "Incidents which do not fit the existing classification, acting as an indicator for the classifications update.",
"expanded": "Unclassified incident",
"value": "unclassified-incident"
},
{
"description": "Unprocessed incidents which have remained undetermined from the beginning.",
"expanded": "Undetermined incident",
"value": "undetermined-incident"
}
],
"predicate": "other"
}
],
"predicates": [
{
"description": "Infection of one or various systems with a specific type of malware / Connection performed by/from/to (a) suspicious system(s)",
"expanded": "Malicious software/code",
"value": "malware"
},
{
"description": "Disruption of the processing and response capacity of systems and networks in order to render them inoperative / Premeditated action to damage a system, interrupt a process, change or delete information, etc.",
"expanded": "Availability",
"value": "availability"
},
{
"description": "Active and passive gathering of information on systems or networks / Unauthorised monitoring and reading of network traffic / Attempt to gather information on a user or a system through phishing methods.",
"expanded": "Information Gathering",
"value": "information-gathering"
},
{
"description": "Attempt to intrude by exploiting vulnerability in a system, component or network / Attempt to log in to services or authentication/access control mechanisms.",
"expanded": "Intrusion Attempt",
"value": "intrusion-attempt"
},
{
"description": "Actual intrusion by exploiting vulnerability in the system, component or network / Actual intrusion in a system, component or network by compromising a user or administrator account.",
"expanded": "Intrusion",
"value": "intrusion"
},
{
"description": "Unauthorised access to a particular set of information / Unauthorised change or elimination of a particular set of information.",
"expanded": "Information Security",
"value": "information-security"
},
{
"description": "Loss of property caused with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.",
"expanded": "Fraud",
"value": "fraud"
},
{
"description": "Sending SPAM messages / Distribution and sharing of copyright protected content / Dissemination of content forbidden by law.",
"expanded": "Abusive Content",
"value": "abusive-content"
},
{
"description": "Incidents not classified in the existing classification.",
"expanded": "Other",
"value": "other"
}
],
2019-04-07 21:31:45 +02:00
"version": 3,
"description": "Common Taxonomy for Law enforcement and CSIRTs",
"refs": [
"https://www.europol.europa.eu/publications-documents/common-taxonomy-for-law-enforcement-and-csirts",
"https://www.enisa.europa.eu/publications/tools-and-methodologies-to-support-cooperation-between-csirts-and-law-enforcement"
],
"namespace": "common-taxonomy"
}