misp-taxonomies/mapping/mapping.json

225 lines
6.3 KiB
JSON
Raw Permalink Normal View History

{
"DDoS": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:availability=\"dos\"",
"rsit:availability=\"ddos\"",
"rsit:vulnerable=\"ddos-amplifier\"",
"ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"",
"ms-caro-malware:malware-type=\"DDoS\"",
"circl:incident-classification=\"denial-of-service\"",
"enisa:nefarious-activity-abuse=\"denial-of-service\""
]
},
"SQLi": {
"values": [
"circl:incident-classification=\"sql-injection\"",
"veris:action:malware:variety=\"SQL injection\"",
"veris:action:hacking:variety=\"SQLi\"",
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
"europol-event:sql-injection"
]
},
"rootkit": {
"values": [
"veris:action:malware:variety=\"Rootkit\"",
"enisa:nefarious-activity-abuse=\"rootkits\"",
"malware_classification:malware-category=\"Rootkit\""
]
},
"exploit": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:intrusion-attempts=\"exploit\"",
"veris:action:malware:variety=\"Exploit vuln\"",
"ecsirt:intrusion-attempts=\"exploit\"",
"europol-event:exploit",
"europol-incident:intrusion=\"exploitation-vulnerability\"",
"ms-caro-malware:malware-type=\"Exploit\""
]
},
"malware": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:malicious-code=\"malware-distribution\"",
"rsit:malicious-code=\"malware-configuration\"",
"ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\""
]
},
"Remote Access Tool": {
"values": [
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
"ms-caro-malware:malware-type=\"RemoteAccess\""
]
},
"ransomware": {
"values": [
"ecsirt:malicious-code=\"ransomware\"",
"enisa:nefarious-activity-abuse=\"ransomware\"",
"malware_classification:malware-category=\"Ransomware\"",
"ms-caro-malware:malware-type=\"Ransom\"",
"veris:action:malware:variety=\"Ransomware\""
],
"description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
2016-10-31 10:55:35 +01:00
},
"spam": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:abusive-content=\"spam\"",
2016-10-31 10:55:35 +01:00
"circl:incident-classification=\"spam\"",
"ecsirt:abusive-content=\"spam\"",
"enisa:nefarious-activity-abuse=\"spam\"",
"europol-event:spam",
"europol-incident:abusive-content=\"spam\"",
"veris:action:malware:variety=\"Spam\"",
"veris:action:social:variety=\"Spam\""
]
},
"scan": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:information-gathering=\"scanner\"",
2016-10-31 10:55:35 +01:00
"circl:incident-classification=\"scan\"",
2017-10-25 16:51:12 +02:00
"ecsirt:information-gathering=\"scanner\"",
2016-10-31 10:55:35 +01:00
"europol-incident:information-gathering=\"scanning\""
]
},
"scan network": {
"values": [
"veris:action:malware:variety=\"Scan network\"",
"europol-event:network-scanning"
]
},
"xss": {
"values": [
"circl:incident-classification=\"XSS\"",
"europol-event:xss "
]
},
"phishing": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:fraud=\"phishing\"",
2016-10-31 10:55:35 +01:00
"circl:incident-classification=\"phishing\"",
"ecsirt:fraud=\"phishing\"",
"veris:action:social:variety=\"Phishing\"",
"europol-incident:information-gathering=\"phishing\"",
"enisa:nefarious-activity-abuse=\"phishing-attacks\""
]
},
"brute force": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:intrusion-attempts=\"brute-force\"",
2016-10-31 10:55:35 +01:00
"ecsirt:intrusion-attempts=\"brute-force\"",
"veris:action:malware:variety=\"Brute force\"",
"europol-event:brute-force-attempt",
"enisa:nefarious-activity-abuse=\"brute-force\""
]
},
"backdoor": {
"values": [
"ecsirt:intrusions=\"backdoor\"",
"veris:action:malware:variety=\"Backdoor\"",
"ms-caro-malware:malware-type=\"Backdoor\""
]
},
"c&c": {
"values": [
2019-05-14 13:32:40 +02:00
"rsit:malicious-code=\"c2-server\"",
2016-10-31 10:55:35 +01:00
"ecsirt:malicious-code=\"c&c\"",
"europol-incident:malware=\"c&c\"",
"europol-event:c&c-server-hosting",
"veris:action:malware:variety=\"C2\""
]
},
"Brute Force": {
"values": [
"ecsirt:intrusion-attempts=\"brute-force\"",
"veris:action:malware:variety=\"Brute force\"",
"europol-event:brute-force-attempt",
"enisa:nefarious-activity-abuse=\"brute-force\""
]
},
"Adware": {
"values": [
"veris:action:malware:variety=\"Adware\"",
"malware_classification:malware-category=\"Adware\"",
"ms-caro-malware:malware-type=\"Adware\""
]
},
"Downloader": {
"values": [
"veris:action:malware:variety=\"Downloader\"",
"malware_classification:malware-category=\"Downloader\""
]
},
"Spyware": {
"values": [
"veris:action:malware:variety=\"Spyware/Keylogger\"",
"malware_classification:malware-category=\"Spyware\"",
"ms-caro-malware:malware-type=\"Spyware\"",
"enisa:nefarious-activity-abuse=\"spyware-or-deceptive-adware\""
]
},
"Trojan": {
"values": [
"malware_classification:malware-category=\"Trojan\"",
2017-10-25 16:24:40 +02:00
"ms-caro-malware:malware-type=\"Trojan\"",
"ecsirt:malicious-code=\"trojan\""
2016-10-31 10:55:35 +01:00
]
},
"Virus": {
"values": [
"malware_classification:malware-category=\"Virus\"",
2017-10-25 16:24:40 +02:00
"ms-caro-malware:malware-type=\"Virus\"",
"ecsirt:malicious-code=\"virus\""
2016-10-31 10:55:35 +01:00
]
},
"Worm": {
"values": [
"veris:action:malware:variety=\"Worm\"",
"malware_classification:malware-category=\"Worm\"",
2017-10-25 16:24:40 +02:00
"ms-caro-malware:malware-type=\"Worm\"",
"ecsirt:malicious-code=\"worm\""
2016-10-31 10:55:35 +01:00
]
2017-05-19 15:11:06 +02:00
},
"content": {
2019-05-14 13:32:40 +02:00
"values": [
"rsit:abusive-content=\"harmful-speech\"",
"rsit:abusive-content=\"violence\"",
"rsit:fraud=\"copyright\"",
"rsit:fraud=\"masquerade\""
]
},
"other": {
"values": [
"rsit:other=\"other\""
]
},
"test": {
"values": [
"rsit:test=\"test\""
]
},
2017-05-19 15:11:06 +02:00
"tlp-white": {
"values": [
"tlp:white",
2017-05-19 15:50:50 +02:00
"iep:traffic-light-protocol=\"WHITE\""
2017-05-19 15:11:06 +02:00
]
},
"tlp-green": {
"values": [
"tlp:green",
2017-05-19 15:50:50 +02:00
"iep:traffic-light-protocol=\"GREEN\""
2017-05-19 15:11:06 +02:00
]
},
"tlp-amber": {
"values": [
"tlp:amber",
2017-05-19 15:50:50 +02:00
"iep:traffic-light-protocol=\"AMBER\""
2017-05-19 15:11:06 +02:00
]
},
"tlp-red": {
"values": [
"tlp:red",
2017-05-19 15:50:50 +02:00
"iep:traffic-light-protocol=\"RED\""
2017-05-19 15:11:06 +02:00
]
}
}