Added basic PassiveTotal tags, updated MANIFEST
parent
0e320249de
commit
0f1cc819b8
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"version": "20161219",
|
"version": "20170104",
|
||||||
"license": "CC-0",
|
"license": "CC-0",
|
||||||
"description": "Manifest file of MISP taxonomies available.",
|
"description": "Manifest file of MISP taxonomies available.",
|
||||||
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
|
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
|
||||||
|
@ -156,13 +156,8 @@
|
||||||
"version": 1
|
"version": 1
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.",
|
"description": "Tags provided by RiskIQ's PassiveTotal service",
|
||||||
"name": "targeted-threat-index",
|
"name" : "passivetotal",
|
||||||
"version": 1
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX",
|
|
||||||
"name": "stix-ttp",
|
|
||||||
"version" : 1
|
"version" : 1
|
||||||
}
|
}
|
||||||
]
|
]
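Review bot: The second manifest hunk (`-156,13 +156,8`) does more than add the `passivetotal` entry: on the new side the `targeted-threat-index` and `stix-ttp` objects are gone, so as far as this hunk shows, both taxonomies drop out of the manifest. Anything that enumerates available taxonomies from this manifest would presumably stop offering them, which the commit title ("Added basic PassiveTotal tags, updated MANIFEST") does not suggest is intended. If the removal is accidental, keep the two existing objects and append the new one after them, e.g. `{ "description": "Tags provided by RiskIQ's PassiveTotal service", "name": "passivetotal", "version": 1 }`. The array begins outside the hunk, so it cannot be confirmed from here whether the entries were moved rather than removed.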
|
||||||
|
|
|
@ -0,0 +1,86 @@
|
||||||
|
{
|
||||||
|
"namespace" : "passivetotal",
|
||||||
|
"expanded" : "PassiveTotal",
|
||||||
|
"description": "Tags from RiskIQ's PassiveTotal service",
|
||||||
|
"version" : 1,
|
||||||
|
"predicates": [
|
||||||
|
{
|
||||||
|
"value" : "sinkholed",
|
||||||
|
"expanded": "Sinkhole Status"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "ever-comprimised",
|
||||||
|
"expanded" : "Ever Comprimised?"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "class",
|
||||||
|
"expanded" : "Classification"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "dynamic-dns",
|
||||||
|
"expanded": "Dynamic DNS"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"values" : [
|
||||||
|
{
|
||||||
|
"predicate" : "sinkholed",
|
||||||
|
"entry" : [
|
||||||
|
{
|
||||||
|
"value" : "yes",
|
||||||
|
"expanded": "Yes"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "no",
|
||||||
|
"expanded" : "No"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate" : "ever-comprimised",
|
||||||
|
"entry" : [
|
||||||
|
{
|
||||||
|
"value" : "yes",
|
||||||
|
"expanded": "Yes"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "no",
|
||||||
|
"expanded" : "No"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate" : "dynamic-dns",
|
||||||
|
"entry" : [
|
||||||
|
{
|
||||||
|
"value" : "yes",
|
||||||
|
"expanded": "Yes"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "no",
|
||||||
|
"expanded" : "No"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate" : "class",
|
||||||
|
"entry" : [
|
||||||
|
{
|
||||||
|
"value" : "malicious",
|
||||||
|
"expanded" : "Malicious"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "suspicious",
|
||||||
|
"expanded": "Malicious"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "non-malicious",
|
||||||
|
"expanded": "Non Malicious"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value" : "unknown",
|
||||||
|
"expanded" : "Unknown"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
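Review bot: In the `class` entries the value `suspicious` carries `"expanded": "Malicious"`, so a suspicious classification is displayed with the same label as a malicious one and an analyst reading the expanded text cannot tell the two apart; it should read `"expanded": "Suspicious"`. The predicate `ever-comprimised` is also misspelled in the `predicates` list, in the matching `values` entry, and in its expanded text `Ever Comprimised?`. Because the predicate value becomes part of the machine tag, it is cheaper to correct it to `ever-compromised` in both places before the taxonomy is published than to rename it once events already carry the tag.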
|