From 8f26a434fdefb5eaab15c6fe4ecf5d26b0f818b0 Mon Sep 17 00:00:00 2001 From: paulingega-sa Date: Mon, 24 Aug 2020 14:50:30 +0100 Subject: [PATCH 1/2] update threatmatch taxonomies into a single taxonomy --- MANIFEST.json | 19 +- threatmatch-alert-types/README.md | 3 - threatmatch-alert-types/machinetag.json | 99 ---- threatmatch-incident-types/README.md | 3 - threatmatch-incident-types/machinetag.json | 175 ------- threatmatch-malware-types/README.md | 3 - threatmatch-malware-types/machinetag.json | 115 ----- threatmatch-sectors/README.md | 3 - threatmatch-sectors/machinetag.json | 167 ------- threatmatch/README.md | 2 + threatmatch/machinetag.json | 515 +++++++++++++++++++++ 11 files changed, 519 insertions(+), 585 deletions(-) delete mode 100644 threatmatch-alert-types/README.md delete mode 100644 threatmatch-alert-types/machinetag.json delete mode 100644 threatmatch-incident-types/README.md delete mode 100644 threatmatch-incident-types/machinetag.json delete mode 100644 threatmatch-malware-types/README.md delete mode 100644 threatmatch-malware-types/machinetag.json delete mode 100644 threatmatch-sectors/README.md delete mode 100644 threatmatch-sectors/machinetag.json create mode 100644 threatmatch/README.md create mode 100644 threatmatch/machinetag.json
diff --git a/MANIFEST.json b/MANIFEST.json
index 320289c..8dd23de 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -544,23 +544,8 @@
 "version": 3
 },
 {
- "description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "name": "threatmatch-alert-types",
- "version": 1
- },
- {
- "description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "name": "threatmatch-incident-types",
- "version": 1
- },
- {
- "description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "name": "threatmatch-malware-types",
- "version": 1
- },
- {
- "description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "name": "threatmatch-sectors",
+ "description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "name": "threatmatch",
 "version": 1
 },
 {
diff --git a/threatmatch-alert-types/README.md b/threatmatch-alert-types/README.md
deleted file mode 100644
index 9ccc39e..0000000
--- a/threatmatch-alert-types/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Alert types
-Alert tags are used by the ThreatMatch platform to categorise a relevant threat.
-Tags should be used for all CIISI and TIBER projects.
diff --git a/threatmatch-alert-types/machinetag.json b/threatmatch-alert-types/machinetag.json
deleted file mode 100644
index e999f8f..0000000
--- a/threatmatch-alert-types/machinetag.json
+++ /dev/null
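Review bot: The manifest entry added here is `"name": "threatmatch"`, but the taxonomy file it refers to (threatmatch/machinetag.json, in the large hunk further down) declares `"namespace": "ThreatMatch"`. MISP looks a taxonomy up by its manifest name and directory and builds the tag string from the namespace, so the two should be byte-identical; the capitalised form would also yield mixed-case tags (`ThreatMatch:sector="…"`) while every other entry in this manifest is lower-case, and if the repository's taxonomy test compares namespace with directory name it will presumably fail on this. Suggest `"namespace": "threatmatch",` in the new file rather than touching the manifest again. Nothing else in this hunk is at issue; the removed entries are history.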
@@ -1,99 +0,0 @@
-{
- "namespace": "threatmatch-alert-types",
- "expanded": "Alert Types for Sharing into ThreatMatch and MISP.",
- "version": 1,
- "description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "refs": [
- "https://www.secalliance.com/platform/",
- "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
- ],
- "predicates": [
- {
- "value": "alert_type",
- "expanded": "Alert type"
- }
- ],
- "values": [
- {
- "predicate": "alert_type",
- "entry": [
- {
- "value": "Actor Campaigns",
- "expanded": "Actor Campaigns"
- },
- {
- "value": "Credential Breaches",
- "expanded": "Credential Breaches"
- },
- {
- "value": "DDoS",
- "expanded": "DDoS"
- },
- {
- "value": "Exploit Alert",
- "expanded": "Exploit Alert"
- },
- {
- "value": "General Notification",
- "expanded": "General Notification"
- },
- {
- "value": "High Impact Vulnerabilities",
- "expanded": "High Impact Vulnerabilities"
- },
- {
- "value": "Information Leakages",
- "expanded": "Information Leakages"
- },
- {
- "value": "Malware Analysis",
- "expanded": "Malware Analysis"
- },
- {
- "value": "Nefarious Domains",
- "expanded": "Nefarious Domains"
- },
- {
- "value": "Nefarious Forum Mention",
- "expanded": "Nefarious Forum Mention"
- },
- {
- "value": "Pastebin Dumps",
- "expanded": "Pastebin Dumps"
- },
- {
- "value": "Phishing Attempts",
- "expanded": "Phishing Attempts"
- },
- {
- "value": "PII Exposure",
- "expanded": "PII Exposure"
- },
- {
- "value": "Sensitive Information Disclosures",
- "expanded": "Sensitive Information Disclosures"
- },
- {
- "value": "Social Media Alerts",
- "expanded": "Social Media Alerts"
- },
- {
- "value": "Supply Chain Event",
- "expanded": "Supply Chain Event"
- },
- {
- "value": "Technical Exposure",
- "expanded": "Technical Exposure"
- },
- {
- "value": "Threat Actor Updates",
- "expanded": "Threat Actor Updates"
- },
- {
- "value": "Trigger Events",
- "expanded": "Trigger Events"
- }
- ]
- }
- ]
-}
diff --git a/threatmatch-incident-types/README.md b/threatmatch-incident-types/README.md
deleted file mode 100644
index 1e95764..0000000
--- a/threatmatch-incident-types/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Incident types
-Incident tags are used by the ThreatMatch platform to categorise a relevant incident event.
-Tags should be used for all CIISI and TIBER projects.
diff --git a/threatmatch-incident-types/machinetag.json b/threatmatch-incident-types/machinetag.json
deleted file mode 100644
index cc2d031..0000000
--- a/threatmatch-incident-types/machinetag.json
+++ /dev/null
@@ -1,175 +0,0 @@
-{
- "namespace": "threatmatch-incident-types",
- "expanded": "Incident Types for Sharing into ThreatMatch and MISP",
- "version": 1,
- "description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "refs": [
- "https://www.secalliance.com/platform/",
- "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
- ],
- "predicates": [
- {
- "value": "incident_type",
- "expanded": "Threat Match incident types"
- }
- ],
- "values": [
- {
- "predicate": "incident_type",
- "entry": [
- {
- "value": "ATM Attacks",
- "expanded": "ATM Attacks"
- },
- {
- "value": "ATM Breach",
- "expanded": "ATM Breach"
- },
- {
- "value": "Attempted Exploitation",
- "expanded": "Attempted Exploitation"
- },
- {
- "value": "Botnet Activity",
- "expanded": "Botnet Activity"
- },
- {
- "value": "Business Email Compromise",
- "expanded": "Business Email Compromise"
- },
- {
- "value": "Crypto Mining",
- "expanded": "Crypto Mining"
- },
- {
- "value": "Data Breach/Compromise",
- "expanded": "Data Breach/Compromise"
- },
- {
- "value": "Data Dump",
- "expanded": "Data Dump"
- },
- {
- "value": "Data Leakage",
- "expanded": "Data Leakage"
- },
- {
- "value": "DDoS",
- "expanded": "DDoS"
- },
- {
- "value": "Defacement Activity",
- "expanded": "Defacement Activity"
- },
- {
- "value": "Denial of Service (DoS)",
- "expanded": "Denial of Service (DoS)"
- },
- {
- "value": "Disruption Activity",
- "expanded": "Disruption Activity"
- },
- {
- "value": "Espionage",
- "expanded": "Espionage"
- },
- {
- "value": "Espionage Activity",
- "expanded": "Espionage Activity"
- },
- {
- "value": "Exec Targeting ",
- "expanded": "Exec Targeting "
- },
- {
- "value": "Exposure of Data",
- "expanded": "Exposure of Data"
- },
- {
- "value": "Extortion Activity",
- "expanded": "Extortion Activity"
- },
- {
- "value": "Fraud Activity",
- "expanded": "Fraud Activity"
- },
- {
- "value": "General Notification",
- "expanded": "General Notification"
- },
- {
- "value": "Hacktivism Activity",
- "expanded": "Hacktivism Activity"
- },
- {
- "value": "Malicious Insider",
- "expanded": "Malicious Insider"
- },
- {
- "value": "Malware Infection",
- "expanded": "Malware Infection"
- },
- {
- "value": "Man in the Middle Attacks",
- "expanded": "Man in the Middle Attacks"
- },
- {
- "value": "MFA Attack",
- "expanded": "MFA Attack"
- },
- {
- "value": "Mobile Malware",
- "expanded": "Mobile Malware"
- },
- {
- "value": "Phishing Activity",
- "expanded": "Phishing Activity"
- },
- {
- "value": "Ransomware Activity",
- "expanded": "Ransomware Activity"
- },
- {
- "value": "Social Engineering Activity",
- "expanded": "Social Engineering Activity"
- },
- {
- "value": "Social Media Compromise",
- "expanded": "Social Media Compromise"
- },
- {
- "value": "Spear-phishing Activity",
- "expanded": "Spear-phishing Activity"
- },
- {
- "value": "Spyware",
- "expanded": "Spyware"
- },
- {
- "value": "SQL Injection Activity",
- "expanded": "SQL Injection Activity"
- },
- {
- "value": "Supply Chain Compromise",
- "expanded": "Supply Chain Compromise"
- },
- {
- "value": "Trojanised Software",
- "expanded": "Trojanised Software"
- },
- {
- "value": "Vishing",
- "expanded": "Vishing"
- },
- {
- "value": "Website Attack (Other)",
- "expanded": "Website Attack (Other)"
- },
- {
- "value": "Unknown",
- "expanded": "Unknown"
- }
- ]
- }
- ]
-}
diff --git a/threatmatch-malware-types/README.md b/threatmatch-malware-types/README.md
deleted file mode 100644
index 2a6c9df..0000000
--- a/threatmatch-malware-types/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Malware types
-Malware tags are used by the ThreatMatch platform to categorise malware types.
-Tags should be used for all CIISI and TIBER projects.
diff --git a/threatmatch-malware-types/machinetag.json b/threatmatch-malware-types/machinetag.json
deleted file mode 100644
index 001c78e..0000000
--- a/threatmatch-malware-types/machinetag.json
+++ /dev/null
@@ -1,115 +0,0 @@
-{
- "namespace": "threatmatch-malware-types",
- "expanded": "Malware Types for Sharing into ThreatMatch and MISP",
- "version": 1,
- "description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "refs": [
- "https://www.secalliance.com/platform/",
- "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
- ],
- "predicates": [
- {
- "value": "malware_type",
- "expanded": "Malware type"
- }
- ],
- "values": [
- {
- "predicate": "malware_type",
- "entry": [
- {
- "value": "Adware",
- "expanded": "Adware"
- },
- {
- "value": "Backdoor",
- "expanded": "Backdoor"
- },
- {
- "value": "Banking Trojan",
- "expanded": "Banking Trojan"
- },
- {
- "value": "Botnet",
- "expanded": "Botnet"
- },
- {
- "value": "Destructive",
- "expanded": "Destructive"
- },
- {
- "value": "Downloader",
- "expanded": "Downloader"
- },
- {
- "value": "Exploit Kit",
- "expanded": "Exploit Kit"
- },
- {
- "value": "Fileless Malware",
- "expanded": "Fileless Malware"
- },
- {
- "value": "Keylogger",
- "expanded": "Keylogger"
- },
- {
- "value": "Legitimate Tool",
- "expanded": "Legitimate Tool"
- },
- {
- "value": "Mobile Application",
- "expanded": "Mobile Application"
- },
- {
- "value": "Mobile Malware",
- "expanded": "Mobile Malware"
- },
- {
- "value": "Point-of-Sale (PoS)",
- "expanded": "Point-of-Sale (PoS)"
- },
- {
- "value": "Remote Access Trojan",
- "expanded": "Remote Access Trojan"
- },
- {
- "value": "Rootkit",
- "expanded": "Rootkit"
- },
- {
- "value": "Skimmer",
- "expanded": "Skimmer"
- },
- {
- "value": "Spyware",
- "expanded": "Spyware"
- },
- {
- "value": "Surveillance Tool",
- "expanded": "Surveillance Tool"
- },
- {
- "value": "Trojan",
- "expanded": "Trojan"
- },
- {
- "value": "Virus",
- "expanded": "Virus "
- },
- {
- "value": "Worm",
- "expanded": "Worm"
- },
- {
- "value": "Zero-day",
- "expanded": "Zero-day"
- },
- {
- "value": "Unknown",
- "expanded": "Unknown"
- }
- ]
- }
- ]
-}
diff --git a/threatmatch-sectors/README.md b/threatmatch-sectors/README.md
deleted file mode 100644
index ad6b550..0000000
--- a/threatmatch-sectors/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## Sector types
-Extensive list of sector definition tags.
-Tags should be used for all CIISI and TIBER projects.
\ No newline at end of file
diff --git a/threatmatch-sectors/machinetag.json b/threatmatch-sectors/machinetag.json
deleted file mode 100644
index 9081c91..0000000
--- a/threatmatch-sectors/machinetag.json
+++ /dev/null
@@ -1,167 +0,0 @@
-{
- "namespace": "threatmatch-sectors",
- "expanded": "Sector Types for Sharing into ThreatMatch and MISP",
- "version": 1,
- "description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
- "refs": [
- "https://www.secalliance.com/platform/",
- "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
- ],
- "predicates": [
- {
- "value": "sector",
- "expanded": "Threat Match sector definitions"
- }
- ],
- "values": [
- {
- "predicate": "sector",
- "entry": [
- {
- "value": "Banking & Capital Markets",
- "expanded": "Banking & capital markets"
- },
- {
- "value": "Financial Services",
- "expanded": "Financial Services"
- },
- {
- "value": "Insurance",
- "expanded": "Insurance"
- },
- {
- "value": "Pension",
- "expanded": "Pension"
- },
- {
- "value": "Government & Public Service",
- "expanded": "Government & Public Service"
- },
- {
- "value": "Diplomatic Services",
- "expanded": "Diplomatic Services"
- },
- {
- "value": "Energy, Utilities & Mining",
- "expanded": "Energy, Utilities & Mining"
- },
- {
- "value": "Telecommunications",
- "expanded": "Telecommunications"
- },
- {
- "value": "Technology",
- "expanded": "Technology"
- },
- {
- "value": "Academic/Research Institutes",
- "expanded": "Academic/Research Institutes"
- },
- {
- "value": "Aerospace, Defence & Security",
- "expanded": "Aerospace, Defence & Security"
- },
- {
- "value": "Agriculture",
- "expanded": "Agriculture"
- },
- {
- "value": "Asset & Wealth Management",
- "expanded": "Asset & Wealth Management"
- },
- {
- "value": "Automotive",
- "expanded": "Automotive"
- },
- {
- "value": "Business and Professional Services",
- "expanded": "Business and Professional Services"
- },
- {
- "value": "Capital Projects & Infrastructure",
- "expanded": "Capital Projects & Infrastructure"
- },
- {
- "value": "Charity/Not-for-Profit",
- "expanded": "Charity/Not-for-Profit"
- },
- {
- "value": "Chemicals",
- "expanded": "Chemicals"
- },
- {
- "value": "Commercial Aviation",
- "expanded": "Commercial Aviation"
- },
- {
- "value": "Commodities",
- "expanded": "Commodities"
- },
- {
- "value": "Education",
- "expanded": "Education"
- },
- {
- "value": "Engineering & Construction",
- "expanded": "Engineering & Construction"
- },
- {
- "value": "Entertainment & Media",
- "expanded": "Entertainment & Media"
- },
- {
- "value": "Forest, Paper & Packaging",
- "expanded": "Forest, Paper & Packaging"
- },
- {
- "value": "Healthcare",
- "expanded": "Healthcare"
- },
- {
- "value": "Hospitality & Leisure",
- "expanded": "Hospitality & Leisure"
- },
- {
- "value": "Industrial Manufacturing",
- "expanded": "Industrial Manufacturing"
- },
- {
- "value": "IT Industry",
- "expanded": "IT Industry"
- },
- {
- "value": "Legal",
- "expanded": "Legal"
- },
- {
- "value": "Metals",
- "expanded": "Metals"
- },
- {
- "value": "Pharmaceuticals & Life Sciences",
- "expanded": "Pharmaceuticals & Life Sciences"
- },
- {
- "value": "Private Equity",
- "expanded": "Private Equity"
- },
- {
- "value": "Retail & Consumer",
- "expanded": "Retail & Consumer"
- },
- {
- "value": "Semiconductors",
- "expanded": "Semiconductors"
- },
- {
- "value": "Sovereign Investment Funds",
- "expanded": "Sovereign Investment Funds"
- },
- {
- "value": "Transport & Logistics",
- "expanded": "Transport & Logistics"
- }
- ]
- }
- ]
-}
diff --git a/threatmatch/README.md b/threatmatch/README.md
new file mode 100644
index 0000000..8b0fb1e
--- /dev/null
+++ b/threatmatch/README.md
@@ -0,0 +1,2 @@
+## ThreatMatch
+Incident types, Alert types, Malware types and Sectors should be used for all CIISI and TIBER projects.
\ No newline at end of file
diff --git a/threatmatch/machinetag.json b/threatmatch/machinetag.json
new file mode 100644
index 0000000..761830c
--- /dev/null
+++ b/threatmatch/machinetag.json
@@ -0,0 +1,515 @@
+{
+ "namespace": "ThreatMatch",
+ "expanded": "ThreatMatch categories for sharing into ThreatMatch and MISP",
+ "version": 1,
+ "description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "refs": [
+ "https://www.secalliance.com/platform/",
+ "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
+ ],
+ "predicates":[
+ {
+ "value": "sector",
+ "expanded": "Extensive list of sector definition tags"
+ },
+ {
+ "value": "incident_type",
+ "expanded": "Incident tags are used by the ThreatMatch platform to categorise a relevant incident event."
+ },
+ {
+ "value": "malware_type",
+ "expanded": "Malware tags are used by the ThreatMatch platform to categorise malware types."
+ },
+ {
+ "value": "alert_type",
+ "expanded": "Alert tags are used by the ThreatMatch platform to categorise a relevant threat."
+ }
+ ],
+ "values": [
+ {
+ "predicate": "sector",
+ "entry": [
+ {
+ "value": "Banking & Capital Markets",
+ "expanded": "Banking & capital markets"
+ },
+ {
+ "value": "Financial Services",
+ "expanded": "Financial Services"
+ },
+ {
+ "value": "Insurance",
+ "expanded": "Insurance"
+ },
+ {
+ "value": "Pension",
+ "expanded": "Pension"
+ },
+ {
+ "value": "Government & Public Service",
+ "expanded": "Government & Public Service"
+ },
+ {
+ "value": "Diplomatic Services",
+ "expanded": "Diplomatic Services"
+ },
+ {
+ "value": "Energy, Utilities & Mining",
+ "expanded": "Energy, Utilities & Mining"
+ },
+ {
+ "value": "Telecommunications",
+ "expanded": "Telecommunications"
+ },
+ {
+ "value": "Technology",
+ "expanded": "Technology"
+ },
+ {
+ "value": "Academic/Research Institutes",
+ "expanded": "Academic/Research Institutes"
+ },
+ {
+ "value": "Aerospace, Defence & Security",
+ "expanded": "Aerospace, Defence & Security"
+ },
+ {
+ "value": "Agriculture",
+ "expanded": "Agriculture"
+ },
+ {
+ "value": "Asset & Wealth Management",
+ "expanded": "Asset & Wealth Management"
+ },
+ {
+ "value": "Automotive",
+ "expanded": "Automotive"
+ },
+ {
+ "value": "Business and Professional Services",
+ "expanded": "Business and Professional Services"
+ },
+ {
+ "value": "Capital Projects & Infrastructure",
+ "expanded": "Capital Projects & Infrastructure"
+ },
+ {
+ "value": "Charity/Not-for-Profit",
+ "expanded": "Charity/Not-for-Profit"
+ },
+ {
+ "value": "Chemicals",
+ "expanded": "Chemicals"
+ },
+ {
+ "value": "Commercial Aviation",
+ "expanded": "Commercial Aviation"
+ },
+ {
+ "value": "Commodities",
+ "expanded": "Commodities"
+ },
+ {
+ "value": "Education",
+ "expanded": "Education"
+ },
+ {
+ "value": "Engineering & Construction",
+ "expanded": "Engineering & Construction"
+ },
+ {
+ "value": "Entertainment & Media",
+ "expanded": "Entertainment & Media"
+ },
+ {
+ "value": "Forest, Paper & Packaging",
+ "expanded": "Forest, Paper & Packaging"
+ },
+ {
+ "value": "Healthcare",
+ "expanded": "Healthcare"
+ },
+ {
+ "value": "Hospitality & Leisure",
+ "expanded": "Hospitality & Leisure"
+ },
+ {
+ "value": "Industrial Manufacturing",
+ "expanded": "Industrial Manufacturing"
+ },
+ {
+ "value": "IT Industry",
+ "expanded": "IT Industry"
+ },
+ {
+ "value": "Legal",
+ "expanded": "Legal"
+ },
+ {
+ "value": "Metals",
+ "expanded": "Metals"
+ },
+ {
+ "value": "Pharmaceuticals & Life Sciences",
+ "expanded": "Pharmaceuticals & Life Sciences"
+ },
+ {
+ "value": "Private Equity",
+ "expanded": "Private Equity"
+ },
+ {
+ "value": "Retail & Consumer",
+ "expanded": "Retail & Consumer"
+ },
+ {
+ "value": "Semiconductors",
+ "expanded": "Semiconductors"
+ },
+ {
+ "value": "Sovereign Investment Funds",
+ "expanded": "Sovereign Investment Funds"
+ },
+ {
+ "value": "Transport & Logistics",
+ "expanded": "Transport & Logistics"
+ }
+ ]
+ },
+ {
+ "predicate": "incident_type",
+ "entry": [
+ {
+ "value": "ATM Attacks",
+ "expanded": "ATM Attacks"
+ },
+ {
+ "value": "ATM Breach",
+ "expanded": "ATM Breach"
+ },
+ {
+ "value": "Attempted Exploitation",
+ "expanded": "Attempted Exploitation"
+ },
+ {
+ "value": "Botnet Activity",
+ "expanded": "Botnet Activity"
+ },
+ {
+ "value": "Business Email Compromise",
+ "expanded": "Business Email Compromise"
+ },
+ {
+ "value": "Crypto Mining",
+ "expanded": "Crypto Mining"
+ },
+ {
+ "value": "Data Breach/Compromise",
+ "expanded": "Data Breach/Compromise"
+ },
+ {
+ "value": "Data Dump",
+ "expanded": "Data Dump"
+ },
+ {
+ "value": "Data Leakage",
+ "expanded": "Data Leakage"
+ },
+ {
+ "value": "DDoS",
+ "expanded": "DDoS"
+ },
+ {
+ "value": "Defacement Activity",
+ "expanded": "Defacement Activity"
+ },
+ {
+ "value": "Denial of Service (DoS)",
+ "expanded": "Denial of Service (DoS)"
+ },
+ {
+ "value": "Disruption Activity",
+ "expanded": "Disruption Activity"
+ },
+ {
+ "value": "Espionage",
+ "expanded": "Espionage"
+ },
+ {
+ "value": "Espionage Activity",
+ "expanded": "Espionage Activity"
+ },
+ {
+ "value": "Exec Targeting ",
+ "expanded": "Exec Targeting "
+ },
+ {
+ "value": "Exposure of Data",
+ "expanded": "Exposure of Data"
+ },
+ {
+ "value": "Extortion Activity",
+ "expanded": "Extortion Activity"
+ },
+ {
+ "value": "Fraud Activity",
+ "expanded": "Fraud Activity"
+ },
+ {
+ "value": "General Notification",
+ "expanded": "General Notification"
+ },
+ {
+ "value": "Hacktivism Activity",
+ "expanded": "Hacktivism Activity"
+ },
+ {
+ "value": "Malicious Insider",
+ "expanded": "Malicious Insider"
+ },
+ {
+ "value": "Malware Infection",
+ "expanded": "Malware Infection"
+ },
+ {
+ "value": "Man in the Middle Attacks",
+ "expanded": "Man in the Middle Attacks"
+ },
+ {
+ "value": "MFA Attack",
+ "expanded": "MFA Attack"
+ },
+ {
+ "value": "Mobile Malware",
+ "expanded": "Mobile Malware"
+ },
+ {
+ "value": "Phishing Activity",
+ "expanded": "Phishing Activity"
+ },
+ {
+ "value": "Ransomware Activity",
+ "expanded": "Ransomware Activity"
+ },
+ {
+ "value": "Social Engineering Activity",
+ "expanded": "Social Engineering Activity"
+ },
+ {
+ "value": "Social Media Compromise",
+ "expanded": "Social Media Compromise"
+ },
+ {
+ "value": "Spear-phishing Activity",
+ "expanded": "Spear-phishing Activity"
+ },
+ {
+ "value": "Spyware",
+ "expanded": "Spyware"
+ },
+ {
+ "value": "SQL Injection Activity",
+ "expanded": "SQL Injection Activity"
+ },
+ {
+ "value": "Supply Chain Compromise",
+ "expanded": "Supply Chain Compromise"
+ },
+ {
+ "value": "Trojanised Software",
+ "expanded": "Trojanised Software"
+ },
+ {
+ "value": "Vishing",
+ "expanded": "Vishing"
+ },
+ {
+ "value": "Website Attack (Other)",
+ "expanded": "Website Attack (Other)"
+ },
+ {
+ "value": "Unknown",
+ "expanded": "Unknown"
+ }
+ ]
+ },
+ {
+ "predicate": "malware_type",
+ "entry": [
+ {
+ "value": "Adware",
+ "expanded": "Adware"
+ },
+ {
+ "value": "Backdoor",
+ "expanded": "Backdoor"
+ },
+ {
+ "value": "Banking Trojan",
+ "expanded": "Banking Trojan"
+ },
+ {
+ "value": "Botnet",
+ "expanded": "Botnet"
+ },
+ {
+ "value": "Destructive",
+ "expanded": "Destructive"
+ },
+ {
+ "value": "Downloader",
+ "expanded": "Downloader"
+ },
+ {
+ "value": "Exploit Kit",
+ "expanded": "Exploit Kit"
+ },
+ {
+ "value": "Fileless Malware",
+ "expanded": "Fileless Malware"
+ },
+ {
+ "value": "Keylogger",
+ "expanded": "Keylogger"
+ },
+ {
+ "value": "Legitimate Tool",
+ "expanded": "Legitimate Tool"
+ },
+ {
+ "value": "Mobile Application",
+ "expanded": "Mobile Application"
+ },
+ {
+ "value": "Mobile Malware",
+ "expanded": "Mobile Malware"
+ },
+ {
+ "value": "Point-of-Sale (PoS)",
+ "expanded": "Point-of-Sale (PoS)"
+ },
+ {
+ "value": "Remote Access Trojan",
+ "expanded": "Remote Access Trojan"
+ },
+ {
+ "value": "Rootkit",
+ "expanded": "Rootkit"
+ },
+ {
+ "value": "Skimmer",
+ "expanded": "Skimmer"
+ },
+ {
+ "value": "Spyware",
+ "expanded": "Spyware"
+ },
+ {
+ "value": "Surveillance Tool",
+ "expanded": "Surveillance Tool"
+ },
+ {
+ "value": "Trojan",
+ "expanded": "Trojan"
+ },
+ {
+ "value": "Virus",
+ "expanded": "Virus "
+ },
+ {
+ "value": "Worm",
+ "expanded": "Worm"
+ },
+ {
+ "value": "Zero-day",
+ "expanded": "Zero-day"
+ },
+ {
+ "value": "Unknown",
+ "expanded": "Unknown"
+ }
+ ]
+ },
+ {
+ "predicate": "alert_type",
+ "entry": [
+ {
+ "value": "Actor Campaigns",
+ "expanded": "Actor Campaigns"
+ },
+ {
+ "value": "Credential Breaches",
+ "expanded": "Credential Breaches"
+ },
+ {
+ "value": "DDoS",
+ "expanded": "DDoS"
+ },
+ {
+ "value": "Exploit Alert",
+ "expanded": "Exploit Alert"
+ },
+ {
+ "value": "General Notification",
+ "expanded": "General Notification"
+ },
+ {
+ "value": "High Impact Vulnerabilities",
+ "expanded": "High Impact Vulnerabilities"
+ },
+ {
+ "value": "Information Leakages",
+ "expanded": "Information Leakages"
+ },
+ {
+ "value": "Malware Analysis",
+ "expanded": "Malware Analysis"
+ },
+ {
+ "value": "Nefarious Domains",
+ "expanded": "Nefarious Domains"
+ },
+ {
+ "value": "Nefarious Forum Mention",
+ "expanded": "Nefarious Forum Mention"
+ },
+ {
+ "value": "Pastebin Dumps",
+ "expanded": "Pastebin Dumps"
+ },
+ {
+ "value": "Phishing Attempts",
+ "expanded": "Phishing Attempts"
+ },
+ {
+ "value": "PII Exposure",
+ "expanded": "PII Exposure"
+ },
+ {
+ "value": "Sensitive Information Disclosures",
+ "expanded": "Sensitive Information Disclosures"
+ },
+ {
+ "value": "Social Media Alerts",
+ "expanded": "Social Media Alerts"
+ },
+ {
+ "value": "Supply Chain Event",
+ "expanded": "Supply Chain Event"
+ },
+ {
+ "value": "Technical Exposure",
+ "expanded": "Technical Exposure"
+ },
+ {
+ "value": "Threat Actor Updates",
+ "expanded": "Threat Actor Updates"
+ },
+ {
+ "value": "Trigger Events",
+ "expanded": "Trigger Events"
+ }
+ ]
+ }
+
+ ]
+}
From a9eb804553f8cb456c6c15b046ed1f0711f0ccb7 Mon Sep 17 00:00:00 2001
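Review bot: Two entries in the new file carry trailing whitespace inside the tag text — `"value": "Exec Targeting "` / `"expanded": "Exec Targeting "` under `incident_type`, and `"expanded": "Virus "` under `malware_type` — and because the tag string is built as `namespace:predicate="value"`, that space becomes part of the tag, so it will never match the same tag typed without it and is invisible in a tag picker. They were carried over verbatim from the deleted per-type files, so this merge is the moment to normalise them to `"Exec Targeting"` and `"Virus"`. On style in the same hunk: `"predicates":[` lacks the space every other key in the file has, and there is a stray empty added line between the `}` closing the `alert_type` block and the `]` closing `values`. The predicate `expanded` strings now hold full sentences ("Incident tags are used by the ThreatMatch platform to …"), whereas `expanded` is the short human-readable label displayed next to the tag; the sentence reads more naturally as a predicate-level `description`, which the machinetag format also accepts.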
From: paulingega-sa <56026340+paulingega-sa@users.noreply.github.com> Date: Tue, 13 Apr 2021 09:24:12 +0100 Subject: [PATCH 2/2] Update machinetag.json --- threatmatch/machinetag.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/threatmatch/machinetag.json b/threatmatch/machinetag.json
index 761830c..71bd30c 100644
--- a/threatmatch/machinetag.json
+++ b/threatmatch/machinetag.json
@@ -13,15 +13,15 @@
 "expanded": "Extensive list of sector definition tags"
 },
 {
- "value": "incident_type",
+ "value": "incident-type",
 "expanded": "Incident tags are used by the ThreatMatch platform to categorise a relevant incident event."
 },
 {
- "value": "malware_type",
+ "value": "malware-type",
 "expanded": "Malware tags are used by the ThreatMatch platform to categorise malware types."
 },
 {
- "value": "alert_type",
+ "value": "alert-type",
 "expanded": "Alert tags are used by the ThreatMatch platform to categorise a relevant threat."
 }
 ],
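Review bot: Renaming the predicates to `incident-type`, `malware-type` and `alert-type` leaves the `values` array of the same file inconsistent: its `"predicate": "incident_type"`, `"predicate": "malware_type"` and `"predicate": "alert_type"` entries (outside this hunk, and untouched according to the 3-insertion/3-deletion diffstat) still use the underscore names, so those three entry lists no longer attach to any declared predicate and the taxonomy will expose no tags for them. Change those three lines to `"predicate": "incident-type"`, `"predicate": "malware-type"` and `"predicate": "alert-type"`. Since the rename changes the tag strings, `"version"` in this file and the matching MANIFEST.json entry should also be bumped if version 1 has already been published to any instance.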