{
"namespace" : "threatmatch" ,
"expanded" : "ThreatMatch categories for sharing into ThreatMatch and MISP" ,
"version" : 1 ,
"description" : "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable to any ThreatMatch instance and should be used for all CIISI and TIBER Projects." ,
"refs" : [
"https://www.secalliance.com/platform/" ,
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
] ,
"predicates" : [
{
"value" : "sector" ,
"expanded" : "Extensive list of sector definition tags"
} ,
{
"value" : "incident-type" ,
"expanded" : "Incident tags are used by the ThreatMatch platform to categorise a relevant incident event."
} ,
{
"value" : "malware-type" ,
"expanded" : "Malware tags are used by the ThreatMatch platform to categorise malware types."
} ,
{
"value" : "alert-type" ,
"expanded" : "Alert tags are used by the ThreatMatch platform to categorise a relevant threat."
}
] ,
"values" : [
{
"predicate" : "sector" ,
"entry" : [
{
"value" : "Banking & Capital Markets" ,
"expanded" : "Banking & capital markets"
} ,
{
"value" : "Financial Services" ,
"expanded" : "Financial Services"
} ,
{
"value" : "Insurance" ,
"expanded" : "Insurance"
} ,
{
"value" : "Pension" ,
"expanded" : "Pension"
} ,
{
"value" : "Government & Public Service" ,
"expanded" : "Government & Public Service"
} ,
{
"value" : "Diplomatic Services" ,
"expanded" : "Diplomatic Services"
} ,
{
"value" : "Energy, Utilities & Mining" ,
"expanded" : "Energy, Utilities & Mining"
} ,
{
"value" : "Telecommunications" ,
"expanded" : "Telecommunications"
} ,
{
"value" : "Technology" ,
"expanded" : "Technology"
} ,
{
"value" : "Academic/Research Institutes" ,
"expanded" : "Academic/Research Institutes"
} ,
{
"value" : "Aerospace, Defence & Security" ,
"expanded" : "Aerospace, Defence & Security"
} ,
{
"value" : "Agriculture" ,
"expanded" : "Agriculture"
} ,
{
"value" : "Asset & Wealth Management" ,
"expanded" : "Asset & Wealth Management"
} ,
{
"value" : "Automotive" ,
"expanded" : "Automotive"
} ,
{
"value" : "Business and Professional Services" ,
"expanded" : "Business and Professional Services"
} ,
{
"value" : "Capital Projects & Infrastructure" ,
"expanded" : "Capital Projects & Infrastructure"
} ,
{
"value" : "Charity/Not-for-Profit" ,
"expanded" : "Charity/Not-for-Profit"
} ,
{
"value" : "Chemicals" ,
"expanded" : "Chemicals"
} ,
{
"value" : "Commercial Aviation" ,
"expanded" : "Commercial Aviation"
} ,
{
"value" : "Commodities" ,
"expanded" : "Commodities"
} ,
{
"value" : "Education" ,
"expanded" : "Education"
} ,
{
"value" : "Engineering & Construction" ,
"expanded" : "Engineering & Construction"
} ,
{
"value" : "Entertainment & Media" ,
"expanded" : "Entertainment & Media"
} ,
{
"value" : "Forest, Paper & Packaging" ,
"expanded" : "Forest, Paper & Packaging"
} ,
{
"value" : "Healthcare" ,
"expanded" : "Healthcare"
} ,
{
"value" : "Hospitality & Leisure" ,
"expanded" : "Hospitality & Leisure"
} ,
{
"value" : "Industrial Manufacturing" ,
"expanded" : "Industrial Manufacturing"
} ,
{
"value" : "IT Industry" ,
"expanded" : "IT Industry"
} ,
{
"value" : "Legal" ,
"expanded" : "Legal"
} ,
{
"value" : "Metals" ,
"expanded" : "Metals"
} ,
{
"value" : "Pharmaceuticals & Life Sciences" ,
"expanded" : "Pharmaceuticals & Life Sciences"
} ,
{
"value" : "Private Equity" ,
"expanded" : "Private Equity"
} ,
{
"value" : "Retail & Consumer" ,
"expanded" : "Retail & Consumer"
} ,
{
"value" : "Semiconductors" ,
"expanded" : "Semiconductors"
} ,
{
"value" : "Sovereign Investment Funds" ,
"expanded" : "Sovereign Investment Funds"
} ,
{
"value" : "Transport & Logistics" ,
"expanded" : "Transport & Logistics"
}
]
} ,
{
"predicate" : "incident_type" ,
"entry" : [
{
"value" : "ATM Attacks" ,
"expanded" : "ATM Attacks"
} ,
{
"value" : "ATM Breach" ,
"expanded" : "ATM Breach"
} ,
{
"value" : "Attempted Exploitation" ,
"expanded" : "Attempted Exploitation"
} ,
{
"value" : "Botnet Activity" ,
"expanded" : "Botnet Activity"
} ,
{
"value" : "Business Email Compromise" ,
"expanded" : "Business Email Compromise"
} ,
{
"value" : "Crypto Mining" ,
"expanded" : "Crypto Mining"
} ,
{
"value" : "Data Breach/Compromise" ,
"expanded" : "Data Breach/Compromise"
} ,
{
"value" : "Data Dump" ,
"expanded" : "Data Dump"
} ,
{
"value" : "Data Leakage" ,
"expanded" : "Data Leakage"
} ,
{
"value" : "DDoS" ,
"expanded" : "DDoS"
} ,
{
"value" : "Defacement Activity" ,
"expanded" : "Defacement Activity"
} ,
{
"value" : "Denial of Service (DoS)" ,
"expanded" : "Denial of Service (DoS)"
} ,
{
"value" : "Disruption Activity" ,
"expanded" : "Disruption Activity"
} ,
{
"value" : "Espionage" ,
"expanded" : "Espionage"
} ,
{
"value" : "Espionage Activity" ,
"expanded" : "Espionage Activity"
} ,
{
"value" : "Exec Targeting " ,
"expanded" : "Exec Targeting"
} ,
{
"value" : "Exposure of Data" ,
"expanded" : "Exposure of Data"
} ,
{
"value" : "Extortion Activity" ,
"expanded" : "Extortion Activity"
} ,
{
"value" : "Fraud Activity" ,
"expanded" : "Fraud Activity"
} ,
{
"value" : "General Notification" ,
"expanded" : "General Notification"
} ,
{
"value" : "Hacktivism Activity" ,
"expanded" : "Hacktivism Activity"
} ,
{
"value" : "Malicious Insider" ,
"expanded" : "Malicious Insider"
} ,
{
"value" : "Malware Infection" ,
"expanded" : "Malware Infection"
} ,
{
"value" : "Man in the Middle Attacks" ,
"expanded" : "Man in the Middle Attacks"
} ,
{
"value" : "MFA Attack" ,
"expanded" : "MFA Attack"
} ,
{
"value" : "Mobile Malware" ,
"expanded" : "Mobile Malware"
} ,
{
"value" : "Phishing Activity" ,
"expanded" : "Phishing Activity"
} ,
{
"value" : "Ransomware Activity" ,
"expanded" : "Ransomware Activity"
} ,
{
"value" : "Social Engineering Activity" ,
"expanded" : "Social Engineering Activity"
} ,
{
"value" : "Social Media Compromise" ,
"expanded" : "Social Media Compromise"
} ,
{
"value" : "Spear-phishing Activity" ,
"expanded" : "Spear-phishing Activity"
} ,
{
"value" : "Spyware" ,
"expanded" : "Spyware"
} ,
{
"value" : "SQL Injection Activity" ,
"expanded" : "SQL Injection Activity"
} ,
{
"value" : "Supply Chain Compromise" ,
"expanded" : "Supply Chain Compromise"
} ,
{
"value" : "Trojanised Software" ,
"expanded" : "Trojanised Software"
} ,
{
"value" : "Vishing" ,
"expanded" : "Vishing"
} ,
{
"value" : "Website Attack (Other)" ,
"expanded" : "Website Attack (Other)"
} ,
{
"value" : "Unknown" ,
"expanded" : "Unknown"
}
]
} ,
{
"predicate" : "malware_type" ,
"entry" : [
{
"value" : "Adware" ,
"expanded" : "Adware"
} ,
{
"value" : "Backdoor" ,
"expanded" : "Backdoor"
} ,
{
"value" : "Banking Trojan" ,
"expanded" : "Banking Trojan"
} ,
{
"value" : "Botnet" ,
"expanded" : "Botnet"
} ,
{
"value" : "Destructive" ,
"expanded" : "Destructive"
} ,
{
"value" : "Downloader" ,
"expanded" : "Downloader"
} ,
{
"value" : "Exploit Kit" ,
"expanded" : "Exploit Kit"
} ,
{
"value" : "Fileless Malware" ,
"expanded" : "Fileless Malware"
} ,
{
"value" : "Keylogger" ,
"expanded" : "Keylogger"
} ,
{
"value" : "Legitimate Tool" ,
"expanded" : "Legitimate Tool"
} ,
{
"value" : "Mobile Application" ,
"expanded" : "Mobile Application"
} ,
{
"value" : "Mobile Malware" ,
"expanded" : "Mobile Malware"
} ,
{
"value" : "Point-of-Sale (PoS)" ,
"expanded" : "Point-of-Sale (PoS)"
} ,
{
"value" : "Remote Access Trojan" ,
"expanded" : "Remote Access Trojan"
} ,
{
"value" : "Rootkit" ,
"expanded" : "Rootkit"
} ,
{
"value" : "Skimmer" ,
"expanded" : "Skimmer"
} ,
{
"value" : "Spyware" ,
"expanded" : "Spyware"
} ,
{
"value" : "Surveillance Tool" ,
"expanded" : "Surveillance Tool"
} ,
{
"value" : "Trojan" ,
"expanded" : "Trojan"
} ,
{
"value" : "Virus" ,
"expanded" : "Virus"
} ,
{
"value" : "Worm" ,
"expanded" : "Worm"
} ,
{
"value" : "Zero-day" ,
"expanded" : "Zero-day"
} ,
{
"value" : "Unknown" ,
"expanded" : "Unknown"
}
]
} ,
{
"predicate" : "alert_type" ,
"entry" : [
{
"value" : "Actor Campaigns" ,
"expanded" : "Actor Campaigns"
} ,
{
"value" : "Credential Breaches" ,
"expanded" : "Credential Breaches"
} ,
{
"value" : "DDoS" ,
"expanded" : "DDoS"
} ,
{
"value" : "Exploit Alert" ,
"expanded" : "Exploit Alert"
} ,
{
"value" : "General Notification" ,
"expanded" : "General Notification"
} ,
{
"value" : "High Impact Vulnerabilities" ,
"expanded" : "High Impact Vulnerabilities"
} ,
{
"value" : "Information Leakages" ,
"expanded" : "Information Leakages"
} ,
{
"value" : "Malware Analysis" ,
"expanded" : "Malware Analysis"
} ,
{
"value" : "Nefarious Domains" ,
"expanded" : "Nefarious Domains"
} ,
{
"value" : "Nefarious Forum Mention" ,
"expanded" : "Nefarious Forum Mention"
} ,
{
"value" : "Pastebin Dumps" ,
"expanded" : "Pastebin Dumps"
} ,
{
"value" : "Phishing Attempts" ,
"expanded" : "Phishing Attempts"
} ,
{
"value" : "PII Exposure" ,
"expanded" : "PII Exposure"
} ,
{
"value" : "Sensitive Information Disclosures" ,
"expanded" : "Sensitive Information Disclosures"
} ,
{
"value" : "Social Media Alerts" ,
"expanded" : "Social Media Alerts"
} ,
{
"value" : "Supply Chain Event" ,
"expanded" : "Supply Chain Event"
} ,
{
"value" : "Technical Exposure" ,
"expanded" : "Technical Exposure"
} ,
{
"value" : "Threat Actor Updates" ,
"expanded" : "Threat Actor Updates"
} ,
{
"value" : "Trigger Events" ,
"expanded" : "Trigger Events"
}
]
}
]
}