misp-taxonomies/maec-malware-capabilities/machinetag.json

{
  "namespace": "maec-malware-capabilities",
  "description": "Malware Capabilities based on MAEC 5.0",
  "version": 2,
  "predicates": [
    {
      "value": "maec-malware-capability",
      "expanded": "MAEC Malware capability"
    }
  ],
  "values": [
    {
      "predicate": "maec-malware-capability",
      "entry": [
        {
          "value": "anti-behavioral-analysis",
          "expanded": "anti-behavioral-analysis"
        },
        {
          "value": "anti-code-analysis",
          "expanded": "anti-code-analysis"
        },
        {
          "value": "anti-detection",
          "expanded": "anti-detection"
        },
        {
          "value": "anti-removal",
          "expanded": "anti-removal"
        },
        {
          "value": "availability-violation",
          "expanded": "availability-violation"
        },
        {
          "value": "collection",
          "expanded": "collection"
        },
        {
          "value": "command-and-control",
          "expanded": "command-and-control"
        },
        {
          "value": "data-theft",
          "expanded": "data-theft"
        },
        {
          "value": "destruction",
          "expanded": "destruction"
        },
        {
          "value": "discovery",
          "expanded": "discovery"
        },
        {
          "value": "exfiltration",
          "expanded": "exfiltration"
        },
        {
          "value": "fraud",
          "expanded": "fraud"
        },
        {
          "value": "infection-propagation",
          "expanded": "infection-propagation"
        },
        {
          "value": "integrity-violation",
          "expanded": "integrity-violation"
        },
        {
          "value": "machine-access-control",
          "expanded": "machine-access-control"
        },
        {
          "value": "persistence",
          "expanded": "persistence"
        },
        {
          "value": "privilege-escalation",
          "expanded": "privilege-escalation"
        },
        {
          "value": "secondary-operation",
          "expanded": "secondary-operation"
        },
        {
          "value": "security-degradation",
          "expanded": "security-degradation"
        },
        {
          "value": "access-control-degradation",
          "expanded": "access-control-degradation"
        },
        {
          "value": "anti-debugging",
          "expanded": "anti-debugging"
        },
        {
          "value": "anti-disassembly",
          "expanded": "anti-disassembly"
        },
        {
          "value": "anti-emulation",
          "expanded": "anti-emulation"
        },
        {
          "value": "anti-memory-forensics",
          "expanded": "anti-memory-forensics"
        },
        {
          "value": "anti-sandbox",
          "expanded": "anti-sandbox"
        },
        {
          "value": "anti-virus-evasion",
          "expanded": "anti-virus-evasion"
        },
        {
          "value": "anti-vm",
          "expanded": "anti-vm"
        },
        {
          "value": "authentication-credentials-theft",
          "expanded": "authentication-credentials-theft"
        },
        {
          "value": "clean-traces-of-infection",
          "expanded": "clean-traces-of-infection"
        },
        {
          "value": "communicate-with-c2-server",
          "expanded": "communicate-with-c2-server"
        },
        {
          "value": "compromise-data-availability",
          "expanded": "compromise-data-availability"
        },
        {
          "value": "compromise-system-availability",
          "expanded": "compromise-system-availability"
        },
        {
          "value": "consume-system-resources",
          "expanded": "consume-system-resources"
        },
        {
          "value": "continuous-execution",
          "expanded": "continuous-execution"
        },
        {
          "value": "data-integrity-violation",
          "expanded": "data-integrity-violation"
        },
        {
          "value": "data-obfuscation",
          "expanded": "data-obfuscation"
        },
        {
          "value": "data-staging",
          "expanded": "data-staging"
        },
        {
          "value": "determine-c2-server",
          "expanded": "determine-c2-server"
        },
        {
          "value": "email-spam",
          "expanded": "email-spam"
        },
        {
          "value": "ensure-compatibility",
          "expanded": "ensure-compatibility"
        },
        {
          "value": "environment-awareness",
          "expanded": "environment-awareness"
        },
        {
          "value": "file-infection",
          "expanded": "file-infection"
        },
        {
          "value": "hide-artifacts",
          "expanded": "hide-artifacts"
        },
        {
          "value": "hide-executing-code",
          "expanded": "hide-executing-code"
        },
        {
          "value": "hide-non-executing-code",
          "expanded": "hide-non-executing-code"
        },
        {
          "value": "host-configuration-probing",
          "expanded": "host-configuration-probing"
        },
        {
          "value": "information-gathering-for-improvement",
          "expanded": "information-gathering-for-improvement"
        },
        {
          "value": "input-peripheral-capture",
          "expanded": "input-peripheral-capture"
        },
        {
          "value": "install-other-components",
          "expanded": "install-other-components"
        },
        {
          "value": "local-machine-control",
          "expanded": "local-machine-control"
        },
        {
          "value": "network-environment-probing",
          "expanded": "network-environment-probing"
        },
        {
          "value": "os-security-feature-degradation",
          "expanded": "os-security-feature-degradation"
        },
        {
          "value": "output-peripheral-capture",
          "expanded": "output-peripheral-capture"
        },
        {
          "value": "physical-entity-destruction",
          "expanded": "physical-entity-destruction"
        },
        {
          "value": "prevent-artifact-access",
          "expanded": "prevent-artifact-access"
        },
        {
          "value": "prevent-artifact-deletion",
          "expanded": "prevent-artifact-deletion"
        },
        {
          "value": "remote-machine-access",
          "expanded": "remote-machine-access"
        },
        {
          "value": "security-software-degradation",
          "expanded": "security-software-degradation"
        },
        {
          "value": "security-software-evasion",
          "expanded": "security-software-evasion"
        },
        {
          "value": "self-modification",
          "expanded": "self-modification"
        },
        {
          "value": "service-provider-security-feature-degradation",
          "expanded": "service-provider-security-feature-degradation"
        },
        {
          "value": "stored-information-theft",
          "expanded": "stored-information-theft"
        },
        {
          "value": "system-interface-data-capture",
          "expanded": "system-interface-data-capture"
        },
        {
          "value": "system-operational-integrity-violation",
          "expanded": "system-operational-integrity-violation"
        },
        {
          "value": "system-re-infection",
          "expanded": "system-re-infection"
        },
        {
          "value": "system-state-data-capture",
          "expanded": "system-state-data-capture"
        },
        {
          "value": "system-update-degradation",
          "expanded": "system-update-degradation"
        },
        {
          "value": "user-data-theft",
          "expanded": "user-data-theft"
        },
        {
          "value": "virtual-entity-destruction",
          "expanded": "virtual-entity-destruction"
        }
      ]
    }
  ]
}
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`{`
fix: make namespace consistent for MAEC 2018-05-25 10:55:40 +02:00			`"namespace": "maec-malware-capabilities",`
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`"description": "Malware Capabilities based on MAEC 5.0",`
chg: [maec-malware-capabilities] typo fixed - #149 fixed 2019-06-21 09:34:02 +02:00			`"version": 2,`
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`"predicates": [`
			`{`
			`"value": "maec-malware-capability",`
			`"expanded": "MAEC Malware capability"`
			`}`
			`],`
			`"values": [`
			`{`
			`"predicate": "maec-malware-capability",`
			`"entry": [`
			`{`
			`"value": "anti-behavioral-analysis",`
			`"expanded": "anti-behavioral-analysis"`
			`},`
			`{`
			`"value": "anti-code-analysis",`
			`"expanded": "anti-code-analysis"`
			`},`
			`{`
			`"value": "anti-detection",`
			`"expanded": "anti-detection"`
			`},`
			`{`
			`"value": "anti-removal",`
			`"expanded": "anti-removal"`
			`},`
			`{`
			`"value": "availability-violation",`
			`"expanded": "availability-violation"`
			`},`
			`{`
			`"value": "collection",`
			`"expanded": "collection"`
			`},`
			`{`
			`"value": "command-and-control",`
			`"expanded": "command-and-control"`
			`},`
			`{`
			`"value": "data-theft",`
			`"expanded": "data-theft"`
			`},`
			`{`
			`"value": "destruction",`
			`"expanded": "destruction"`
			`},`
			`{`
			`"value": "discovery",`
			`"expanded": "discovery"`
			`},`
			`{`
			`"value": "exfiltration",`
			`"expanded": "exfiltration"`
			`},`
			`{`
			`"value": "fraud",`
			`"expanded": "fraud"`
			`},`
			`{`
			`"value": "infection-propagation",`
			`"expanded": "infection-propagation"`
			`},`
			`{`
			`"value": "integrity-violation",`
chg: [maec-malware-capabilities] typo fixed - #149 fixed 2019-06-21 09:34:02 +02:00			`"expanded": "integrity-violation"`
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`},`
			`{`
			`"value": "machine-access-control",`
			`"expanded": "machine-access-control"`
			`},`
			`{`
			`"value": "persistence",`
			`"expanded": "persistence"`
			`},`
			`{`
			`"value": "privilege-escalation",`
			`"expanded": "privilege-escalation"`
			`},`
			`{`
			`"value": "secondary-operation",`
			`"expanded": "secondary-operation"`
			`},`
			`{`
			`"value": "security-degradation",`
			`"expanded": "security-degradation"`
			`},`
			`{`
			`"value": "access-control-degradation",`
			`"expanded": "access-control-degradation"`
			`},`
			`{`
			`"value": "anti-debugging",`
			`"expanded": "anti-debugging"`
			`},`
			`{`
			`"value": "anti-disassembly",`
			`"expanded": "anti-disassembly"`
			`},`
			`{`
			`"value": "anti-emulation",`
			`"expanded": "anti-emulation"`
			`},`
			`{`
			`"value": "anti-memory-forensics",`
			`"expanded": "anti-memory-forensics"`
			`},`
			`{`
			`"value": "anti-sandbox",`
			`"expanded": "anti-sandbox"`
			`},`
			`{`
			`"value": "anti-virus-evasion",`
			`"expanded": "anti-virus-evasion"`
			`},`
			`{`
			`"value": "anti-vm",`
			`"expanded": "anti-vm"`
			`},`
			`{`
			`"value": "authentication-credentials-theft",`
			`"expanded": "authentication-credentials-theft"`
			`},`
			`{`
			`"value": "clean-traces-of-infection",`
			`"expanded": "clean-traces-of-infection"`
			`},`
			`{`
			`"value": "communicate-with-c2-server",`
chg: [maec-malware-capabilities] typo fixed - #149 fixed 2019-06-21 09:34:02 +02:00			`"expanded": "communicate-with-c2-server"`
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`},`
			`{`
			`"value": "compromise-data-availability",`
			`"expanded": "compromise-data-availability"`
			`},`
			`{`
			`"value": "compromise-system-availability",`
			`"expanded": "compromise-system-availability"`
			`},`
			`{`
			`"value": "consume-system-resources",`
			`"expanded": "consume-system-resources"`
			`},`
			`{`
			`"value": "continuous-execution",`
			`"expanded": "continuous-execution"`
			`},`
			`{`
			`"value": "data-integrity-violation",`
			`"expanded": "data-integrity-violation"`
			`},`
			`{`
			`"value": "data-obfuscation",`
			`"expanded": "data-obfuscation"`
			`},`
			`{`
			`"value": "data-staging",`
			`"expanded": "data-staging"`
			`},`
			`{`
			`"value": "determine-c2-server",`
			`"expanded": "determine-c2-server"`
			`},`
			`{`
			`"value": "email-spam",`
			`"expanded": "email-spam"`
			`},`
			`{`
			`"value": "ensure-compatibility",`
			`"expanded": "ensure-compatibility"`
			`},`
			`{`
			`"value": "environment-awareness",`
			`"expanded": "environment-awareness"`
			`},`
			`{`
			`"value": "file-infection",`
			`"expanded": "file-infection"`
			`},`
			`{`
			`"value": "hide-artifacts",`
			`"expanded": "hide-artifacts"`
			`},`
			`{`
			`"value": "hide-executing-code",`
			`"expanded": "hide-executing-code"`
			`},`
			`{`
			`"value": "hide-non-executing-code",`
			`"expanded": "hide-non-executing-code"`
			`},`
			`{`
			`"value": "host-configuration-probing",`
			`"expanded": "host-configuration-probing"`
			`},`
			`{`
			`"value": "information-gathering-for-improvement",`
			`"expanded": "information-gathering-for-improvement"`
			`},`
			`{`
			`"value": "input-peripheral-capture",`
			`"expanded": "input-peripheral-capture"`
			`},`
			`{`
			`"value": "install-other-components",`
			`"expanded": "install-other-components"`
			`},`
			`{`
			`"value": "local-machine-control",`
			`"expanded": "local-machine-control"`
			`},`
			`{`
			`"value": "network-environment-probing",`
			`"expanded": "network-environment-probing"`
			`},`
			`{`
			`"value": "os-security-feature-degradation",`
			`"expanded": "os-security-feature-degradation"`
			`},`
			`{`
			`"value": "output-peripheral-capture",`
			`"expanded": "output-peripheral-capture"`
			`},`
			`{`
			`"value": "physical-entity-destruction",`
			`"expanded": "physical-entity-destruction"`
			`},`
			`{`
			`"value": "prevent-artifact-access",`
			`"expanded": "prevent-artifact-access"`
			`},`
			`{`
			`"value": "prevent-artifact-deletion",`
			`"expanded": "prevent-artifact-deletion"`
			`},`
			`{`
			`"value": "remote-machine-access",`
			`"expanded": "remote-machine-access"`
			`},`
			`{`
			`"value": "security-software-degradation",`
			`"expanded": "security-software-degradation"`
			`},`
			`{`
			`"value": "security-software-evasion",`
			`"expanded": "security-software-evasion"`
			`},`
			`{`
			`"value": "self-modification",`
			`"expanded": "self-modification"`
			`},`
			`{`
			`"value": "service-provider-security-feature-degradation",`
			`"expanded": "service-provider-security-feature-degradation"`
			`},`
			`{`
			`"value": "stored-information-theft",`
			`"expanded": "stored-information-theft"`
			`},`
			`{`
			`"value": "system-interface-data-capture",`
			`"expanded": "system-interface-data-capture"`
			`},`
			`{`
			`"value": "system-operational-integrity-violation",`
			`"expanded": "system-operational-integrity-violation"`
			`},`
			`{`
			`"value": "system-re-infection",`
			`"expanded": "system-re-infection"`
			`},`
			`{`
			`"value": "system-state-data-capture",`
			`"expanded": "system-state-data-capture"`
			`},`
			`{`
			`"value": "system-update-degradation",`
			`"expanded": "system-update-degradation"`
			`},`
			`{`
			`"value": "user-data-theft",`
			`"expanded": "user-data-theft"`
			`},`
			`{`
			`"value": "virtual-entity-destruction",`
			`"expanded": "virtual-entity-destruction"`
			`}`
fix: Ensure javascript is valid 2018-05-25 10:48:02 +02:00			`]`
Updated MAEC 5.0 malware capabilties 2018-05-25 01:38:17 +02:00			`}`
			`]`
			`}`