{
"DDoS" : {
"values" : [
"rsit:availability=\"dos\"" ,
"rsit:availability=\"ddos\"" ,
"rsit:vulnerable=\"ddos-amplifier\"" ,
"ecsirt:availability=\"ddos\"" ,
"europol-incident:availability=\"dos-ddos\"" ,
"ms-caro-malware:malware-type=\"DDoS\"" ,
"circl:incident-classification=\"denial-of-service\"" ,
"enisa:nefarious-activity-abuse=\"denial-of-service\""
]
} ,
"SQLi" : {
"values" : [
"circl:incident-classification=\"sql-injection\"" ,
"veris:action:malware:variety=\"SQL injection\"" ,
"veris:action:hacking:variety=\"SQLi\"" ,
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"" ,
"europol-event:sql-injection"
]
} ,
"rootkit" : {
"values" : [
"veris:action:malware:variety=\"Rootkit\"" ,
"enisa:nefarious-activity-abuse=\"rootkits\"" ,
"malware_classification:malware-category=\"Rootkit\""
]
} ,
"exploit" : {
"values" : [
"rsit:intrusion-attempts=\"exploit\"" ,
"veris:action:malware:variety=\"Exploit vuln\"" ,
"ecsirt:intrusion-attempts=\"exploit\"" ,
"europol-event:exploit" ,
"europol-incident:intrusion=\"exploitation-vulnerability\"" ,
"ms-caro-malware:malware-type=\"Exploit\""
]
} ,
"malware" : {
"values" : [
"rsit:malicious-code=\"malware-distribution\"" ,
"rsit:malicious-code=\"malware-configuration\"" ,
"ecsirt:malicious-code=\"malware\"" ,
"circl:incident-classification=\"malware\""
]
} ,
"Remote Access Tool" : {
"values" : [
"enisa:nefarious-activity-abuse=\"remote-access-tool\"" ,
"ms-caro-malware:malware-type=\"RemoteAccess\""
]
} ,
"ransomware" : {
"values" : [
"ecsirt:malicious-code=\"ransomware\"" ,
"enisa:nefarious-activity-abuse=\"ransomware\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"ms-caro-malware:malware-type=\"Ransom\"" ,
"veris:action:malware:variety=\"Ransomware\""
] ,
"description" : "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
} ,
"spam" : {
"values" : [
"rsit:abusive-content=\"spam\"" ,
"circl:incident-classification=\"spam\"" ,
"ecsirt:abusive-content=\"spam\"" ,
"enisa:nefarious-activity-abuse=\"spam\"" ,
"europol-event:spam" ,
"europol-incident:abusive-content=\"spam\"" ,
"veris:action:malware:variety=\"Spam\"" ,
"veris:action:social:variety=\"Spam\""
]
} ,
"scan" : {
"values" : [
"rsit:information-gathering=\"scanner\"" ,
"circl:incident-classification=\"scan\"" ,
"ecsirt:information-gathering=\"scanner\"" ,
"europol-incident:information-gathering=\"scanning\""
]
} ,
"scan network" : {
"values" : [
"veris:action:malware:variety=\"Scan network\"" ,
"europol-event:network-scanning"
]
} ,
"xss" : {
"values" : [
"circl:incident-classification=\"XSS\"" ,
"europol-event:xss "
]
} ,
"phishing" : {
"values" : [
"rsit:fraud=\"phishing\"" ,
"circl:incident-classification=\"phishing\"" ,
"ecsirt:fraud=\"phishing\"" ,
"veris:action:social:variety=\"Phishing\"" ,
"europol-incident:information-gathering=\"phishing\"" ,
"enisa:nefarious-activity-abuse=\"phishing-attacks\""
]
} ,
"brute force" : {
"values" : [
"rsit:intrusion-attempts=\"brute-force\"" ,
"ecsirt:intrusion-attempts=\"brute-force\"" ,
"veris:action:malware:variety=\"Brute force\"" ,
"europol-event:brute-force-attempt" ,
"enisa:nefarious-activity-abuse=\"brute-force\""
]
} ,
"backdoor" : {
"values" : [
"ecsirt:intrusions=\"backdoor\"" ,
"veris:action:malware:variety=\"Backdoor\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
"c&c" : {
"values" : [
"rsit:malicious-code=\"c2-server\"" ,
"ecsirt:malicious-code=\"c&c\"" ,
"europol-incident:malware=\"c&c\"" ,
"europol-event:c&c-server-hosting" ,
"veris:action:malware:variety=\"C2\""
]
} ,
"Brute Force" : {
"values" : [
"ecsirt:intrusion-attempts=\"brute-force\"" ,
"veris:action:malware:variety=\"Brute force\"" ,
"europol-event:brute-force-attempt" ,
"enisa:nefarious-activity-abuse=\"brute-force\""
]
} ,
"Adware" : {
"values" : [
"veris:action:malware:variety=\"Adware\"" ,
"malware_classification:malware-category=\"Adware\"" ,
"ms-caro-malware:malware-type=\"Adware\""
]
} ,
"Downloader" : {
"values" : [
"veris:action:malware:variety=\"Downloader\"" ,
"malware_classification:malware-category=\"Downloader\""
]
} ,
"Spyware" : {
"values" : [
"veris:action:malware:variety=\"Spyware/Keylogger\"" ,
"malware_classification:malware-category=\"Spyware\"" ,
"ms-caro-malware:malware-type=\"Spyware\"" ,
"enisa:nefarious-activity-abuse=\"spyware-or-deceptive-adware\""
]
} ,
"Trojan" : {
"values" : [
"malware_classification:malware-category=\"Trojan\"" ,
"ms-caro-malware:malware-type=\"Trojan\"" ,
"ecsirt:malicious-code=\"trojan\""
]
} ,
"Virus" : {
"values" : [
"malware_classification:malware-category=\"Virus\"" ,
"ms-caro-malware:malware-type=\"Virus\"" ,
"ecsirt:malicious-code=\"virus\""
]
} ,
"Worm" : {
"values" : [
"veris:action:malware:variety=\"Worm\"" ,
"malware_classification:malware-category=\"Worm\"" ,
"ms-caro-malware:malware-type=\"Worm\"" ,
"ecsirt:malicious-code=\"worm\""
]
} ,
"content" : {
"values" : [
"rsit:abusive-content=\"harmful-speech\"" ,
"rsit:abusive-content=\"violence\"" ,
"rsit:fraud=\"copyright\"" ,
"rsit:fraud=\"masquerade\""
]
} ,
"other" : {
"values" : [
"rsit:other=\"other\""
]
} ,
"test" : {
"values" : [
"rsit:test=\"test\""
]
} ,
"tlp-white" : {
"values" : [
"tlp:white" ,
"iep:traffic-light-protocol=\"WHITE\""
]
} ,
"tlp-green" : {
"values" : [
"tlp:green" ,
"iep:traffic-light-protocol=\"GREEN\""
]
} ,
"tlp-amber" : {
"values" : [
"tlp:amber" ,
"iep:traffic-light-protocol=\"AMBER\""
]
} ,
"tlp-red" : {
"values" : [
"tlp:red" ,
"iep:traffic-light-protocol=\"RED\""
]
}
}