misp-taxonomies/mapping/mapping.json

{
  "ransomware": [
    "veris:action:malware:variety=\"Ransomware\"",
    "ecsirt:malicious-code=\"ransomware\"",
    "enisa:nefarious-activity-abuse=\"ransomware\"",
    "malware_classification:malware-category=\"Ransomware\"",
    "ms-caro-malware:malware-type=\"Ransom\"",
    "veris:action:malware:variety=\"Ransomware\""
  ],
  "Remote Access Tool": [
    "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
    "ms-caro-malware:malware-type=\"RemoteAccess\""
  ],
  "malware": [
    "ecsirt:malicious-code=\"malware\"",
    "circl:incident-classification=\"malware\""
  ],
  "exploit": [
    "veris:action:malware:variety=\"Exploit vuln\"",
    "ecsirt:intrusion-attempts=\"exploit\"",
    "europol-event:exploit",
    "europol-incident:intrusion=\"exploitation-vulnerability\"",
    "ms-caro-malware:malware-type=\"Exploit\""
  ],
  "rootkit": [
   "veris:action:malware:variety=\"Rootkit\"",
   "enisa:nefarious-activity-abuse=\"rootkits\"",
   "malware_classification:malware-category=\"Rootkit\""
  ],
  "SQLi": [
   "circl:incident-classification=\"sql-injection\"",
   "veris:action:malware:variety=\"SQL injection\"",
   "veris:action:hacking:variety=\"SQLi\"",
   "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
   "europol-event:sql-injection"
  ],
  "DDoS": [
   "ecsirt:availability=\"ddos\"",
   "europol-incident:availability=\"dos-ddos\"",
   "ms-caro-malware:malware-type=\"DDoS\"",
   "circl:incident-classification=\"denial-of-service\"",
   "enisa:nefarious-activity-abuse=\"denial-of-service\""
  ]
}
New mapping taxonomy library added A simple JSON format where a vernacular/common name describes all the potential associated machine tags. The format is a simple JSON object with a key for the common name which references a list of potential associated machine tags. The usage (in a first step) in MISP will be the following: - The replacement in the index UI of the corresponding list of machine tags by the vernacular/common name. - The ability to add automatically associated machine tags when tagging with the vernacular/common name. Even if the machine tags is not enabled in MISP, the tag will be added. 2016-10-27 07:38:17 +02:00			`{`
			`"ransomware": [`
			`"veris:action:malware:variety=\"Ransomware\"",`
			`"ecsirt:malicious-code=\"ransomware\"",`
			`"enisa:nefarious-activity-abuse=\"ransomware\"",`
			`"malware_classification:malware-category=\"Ransomware\"",`
			`"ms-caro-malware:malware-type=\"Ransom\"",`
			`"veris:action:malware:variety=\"Ransomware\""`
			`],`
			`"Remote Access Tool": [`
			`"enisa:nefarious-activity-abuse=\"remote-access-tool\"",`
			`"ms-caro-malware:malware-type=\"RemoteAccess\""`
			`],`
			`"malware": [`
			`"ecsirt:malicious-code=\"malware\"",`
			`"circl:incident-classification=\"malware\""`
			`],`
			`"exploit": [`
			`"veris:action:malware:variety=\"Exploit vuln\"",`
			`"ecsirt:intrusion-attempts=\"exploit\"",`
			`"europol-event:exploit",`
			`"europol-incident:intrusion=\"exploitation-vulnerability\"",`
			`"ms-caro-malware:malware-type=\"Exploit\""`
			`],`
			`"rootkit": [`
			`"veris:action:malware:variety=\"Rootkit\"",`
			`"enisa:nefarious-activity-abuse=\"rootkits\"",`
			`"malware_classification:malware-category=\"Rootkit\""`
			`],`
			`"SQLi": [`
			`"circl:incident-classification=\"sql-injection\"",`
			`"veris:action:malware:variety=\"SQL injection\"",`
			`"veris:action:hacking:variety=\"SQLi\"",`
			`"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",`
			`"europol-event:sql-injection"`
			`],`
			`"DDoS": [`
			`"ecsirt:availability=\"ddos\"",`
			`"europol-incident:availability=\"dos-ddos\"",`
			`"ms-caro-malware:malware-type=\"DDoS\"",`
			`"circl:incident-classification=\"denial-of-service\"",`
			`"enisa:nefarious-activity-abuse=\"denial-of-service\""`
			`]`
			`}`