{
"values": [
{
"entry": [
{
"expanded": "phishing",
"value": "phishing"
}
],
"predicate": "fraud"
},
{
"entry": [
{
"expanded": "ddos",
"value": "ddos"
}
],
"predicate": "availability"
},
{
"entry": [
{
"expanded": "spam",
"value": "spam"
}
],
"predicate": "abusive-content"
},
{
"entry": [
{
"expanded": "scanner",
"value": "scanner"
}
],
"predicate": "information-gathering"
},
{
"entry": [
{
"expanded": "dropzone",
"value": "dropzone"
}
],
"predicate": "information-content-security"
},
{
"entry": [
{
"expanded": "malware",
"value": "malware"
},
{
"expanded": "botnet drone",
"value": "botnet-drone"
},
{
"expanded": "ransomware",
"value": "ransomware"
},
{
"expanded": "malware configuration",
"value": "malware-configuration"
},
{
"expanded": "c&c",
"value": "c&c"
}
],
"predicate": "malicious-code"
},
{
"entry": [
{
"expanded": "exploit",
"value": "exploit"
},
{
"expanded": "brute-force",
"value": "brute-force"
},
{
"expanded": "ids alerts",
"value": "ids-alert"
}
],
"predicate": "intrusion-attempts"
},
{
"entry": [
{
"expanded": "defacement",
"value": "defacement"
},
{
"expanded": "compromised",
"value": "compromised"
},
{
"expanded": "backdoor",
"value": "backdoor"
}
],
"predicate": "intrusions"
},
{
"entry": [
{
"expanded": "Vulnerable service",
"value": "vulnerable-service"
}
],
"predicate": "vulnerable"
},
{
"entry": [
{
"expanded": "blacklist",
"value": "blacklist"
},
{
"expanded": "unknown",
"value": "unknown"
}
],
"predicate": "other"
},
{
"entry": [
{
"expanded": "Test",
"value": "test"
}
],
"predicate": "test"
}
],
"predicates": [
{
"expanded": "Fraud",
"value": "fraud"
},
{
"expanded": "Availability",
"value": "availability"
},
{
"expanded": "Abusive Content",
"value": "abusive-content"
},
{
"expanded": "Information Gathering",
"value": "information-gathering"
},
{
"expanded": "Information Content Security",
"value": "information-content-security"
},
{
"expanded": "Malicious Code",
"value": "malicious-code"
},
{
"expanded": "Intrusion Attempts",
"value": "intrusion-attempts"
},
{
"expanded": "Intrusions",
"value": "intrusions"
},
{
"expanded": "Information Security",
"value": "information-security"
},
{
"expanded": "Vulnerable",
"value": "vulnerable"
},
{
"expanded": "Other",
"value": "other"
},
{
"expanded": "Test",
"value": "test"
}
],
"version": 1,
"description": "Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ.",
"namespace": "ecsirt"
}