
JQ all the things

pull/60/head
Raphaël Vinot 5 년 전
부모
커밋
3099290e4c
  1. 8
      MANIFEST.json
  2. 16
      adversary/machinetag.json
  3. 1
      csirt_case_classification/machinetag.json
  4. 146
      dhs-ciip-sectors/machinetag.json
  5. 4
      diamond-model/machinetag.json
  6. 22
      domain-abuse/machinetag.json
  7. 1067
      enisa/machinetag.json
  8. 142
      eu-marketop-and-publicadmin/machinetag.json
  9. 334
      europol-incident/machinetag.json
  10. 27
      information-security-indicators/machinetag.json
  11. 2
      jq_all_the_things.sh
  12. 5
      malware_classification/machinetag.json
  13. 50
      misp/machinetag.json
  14. 138
      passivetotal/machinetag.json
  15. 225
      stix-ttp/machinetag.json

8
MANIFEST.json

@ -40,7 +40,7 @@
"name": "dni-ism",
"version": 3
},
{
{
"description": "Taxonomy to tag domain names used for cybercrime.",
"name": "domain-abuse",
"version": 1
@ -166,9 +166,9 @@
"version": 1
},
{
"description" : "Tags for RiskIQ's passivetotal service",
"name" : "passivetotal",
"version" : 1
"description": "Tags for RiskIQ's passivetotal service",
"name": "passivetotal",
"version": 1
}
]
}

16
adversary/machinetag.json

@ -38,9 +38,9 @@
}
]
},
{
"predicate": "infrastructure-action",
"entry": [
{
"predicate": "infrastructure-action",
"entry": [
{
"value": "passive-only",
"expanded": "Only passive requests shall be performed to avoid detection by the adversary"
@ -57,11 +57,11 @@
"value": "pending-law-enforcement-request",
"expanded": "Law enforcement requests are ongoing on the adversary infrastructure"
}
]
},
]
},
{
"predicate": "infrastructure-state",
"entry": [
"predicate": "infrastructure-state",
"entry": [
{
"value": "unknown",
"expanded": "Infrastructure state is unknown or cannot be evaluated"
@ -74,7 +74,7 @@
"value": "down",
"expanded": "Infrastructure state is known to be down"
}
]
]
},
{
"predicate": "infrastructure-type",

1
csirt_case_classification/machinetag.json

@ -102,4 +102,3 @@
}
]
}

146
dhs-ciip-sectors/machinetag.json

@ -1,64 +1,86 @@
{
"namespace": "dhs-ciip-sectors",
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
"version": 2,
"predicates": [{
"value": "DHS-critical-sectors",
"expanded": "DHS critical sectors"
}, {
"value": "sector",
"expanded": "Sector"
}],
"values": [{
"predicate": "DHS-critical-sectors",
"entry": [{
"value": "chemical",
"expanded": "Chemical"
}, {
"value": "commercial-facilities",
"expanded": "Commercial Facilities"
}, {
"value": "communications",
"expanded": "Communications"
}, {
"value": "critical-manufacturing",
"expanded": "Critical Manufacturing"
}, {
"value": "dams",
"expanded": "Dams"
}, {
"value": "dib",
"expanded": "Defense Industrial Base"
}, {
"value": "emergency-services",
"expanded": "Emergency services"
}, {
"value": "energy",
"expanded": "energy"
}, {
"value": "financial-services",
"expanded": "Financial Services"
}, {
"value": "food-agriculture",
"expanded": "Food and Agriculture"
}, {
"value": "government-facilities",
"expanded": "Government Facilities"
}, {
"value": "healthcare-public",
"expanded": "Healthcare and Public Health"
}, {
"value": "it",
"expanded": "Information Technology"
}, {
"value": "nuclear",
"expanded": "Nuclear"
}, {
"value": "transport",
"expanded": "Transportation Systems"
}, {
"value": "water",
"expanded": "Water and water systems"
}]
}]
"namespace": "dhs-ciip-sectors",
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
"version": 2,
"predicates": [
{
"value": "DHS-critical-sectors",
"expanded": "DHS critical sectors"
},
{
"value": "sector",
"expanded": "Sector"
}
],
"values": [
{
"predicate": "DHS-critical-sectors",
"entry": [
{
"value": "chemical",
"expanded": "Chemical"
},
{
"value": "commercial-facilities",
"expanded": "Commercial Facilities"
},
{
"value": "communications",
"expanded": "Communications"
},
{
"value": "critical-manufacturing",
"expanded": "Critical Manufacturing"
},
{
"value": "dams",
"expanded": "Dams"
},
{
"value": "dib",
"expanded": "Defense Industrial Base"
},
{
"value": "emergency-services",
"expanded": "Emergency services"
},
{
"value": "energy",
"expanded": "energy"
},
{
"value": "financial-services",
"expanded": "Financial Services"
},
{
"value": "food-agriculture",
"expanded": "Food and Agriculture"
},
{
"value": "government-facilities",
"expanded": "Government Facilities"
},
{
"value": "healthcare-public",
"expanded": "Healthcare and Public Health"
},
{
"value": "it",
"expanded": "Information Technology"
},
{
"value": "nuclear",
"expanded": "Nuclear"
},
{
"value": "transport",
"expanded": "Transportation Systems"
},
{
"value": "water",
"expanded": "Water and water systems"
}
]
}
]
}

4
diamond-model/machinetag.json

@ -3,7 +3,9 @@
"expanded": "Diamond Model for Intrusion Analysis",
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
"version": 1,
"ref": ["http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"],
"ref": [
"http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
],
"predicates": [
{
"value": "Adversary",

22
domain-abuse/machinetag.json

@ -22,9 +22,9 @@
{
"value": "active",
"expanded": "Registered & active",
"description": "Domain name is registered and DNS is delegated"
"description": "Domain name is registered and DNS is delegated"
},
{
{
"value": "inactive",
"expanded": "Registered & inactive",
"description": "Domain name is registered and DNS is not delegated"
@ -34,17 +34,17 @@
"expanded": "Registered & suspended",
"description": "Domain name is registered & DNS delegation is temporarily removed by the registry"
},
{
{
"value": "not-registered",
"expanded": "Not registered",
"description": "Domain name is not registered and open for registration"
},
{
{
"value": "not-registrable",
"expanded": "Not registrable",
"description": "Domain is not registered and cannot be registered"
},
{
{
"value": "grace-period",
"expanded": "Grace period",
"description": "Domain is deleted and still reserved for previous owner"
@ -57,24 +57,24 @@
{
"value": "criminal-registration",
"expanded": "Criminal registration",
"description": "Domain name is registered for criminal purposes"
"description": "Domain name is registered for criminal purposes"
},
{
"value": "compromised-webserver",
"expanded": "Compromised webserver",
"description": "Webserver is compromised for criminal purposes"
"description": "Webserver is compromised for criminal purposes"
},
{
"value": "compromised-dns",
"expanded": "Compromised DNS",
"description": "Compromised authoritative DNS or compromised delegation"
"description": "Compromised authoritative DNS or compromised delegation"
},
{
"value": "sinkhole",
"expanded": "Sinkhole",
"description": "Domain Name is sinkholed for research, detection, LE"
"description": "Domain Name is sinkholed for research, detection, LE"
}
]
]
}
]
}
}

1067
enisa/machinetag.json


142
eu-marketop-and-publicadmin/machinetag.json

@ -1,62 +1,84 @@
{
"namespace": "eu-marketop-and-publicadmin",
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive",
"version": 1,
"predicates": [{
"value": "critical-infra-operators",
"expanded": "Critical Infrastructure Operators"
}, {
"value": "info-services",
"expanded": "Information Society services enablers"
}, {
"value": "public-admin",
"expanded": "Public administration"
}],
"values": [{
"predicate": "critical-infra-operators",
"entry": [{
"value": "transport",
"expanded": "Transport"
}, {
"value": "energy",
"expanded": "Energy"
}, {
"value": "health",
"expanded": "Health"
}, {
"value": "financial",
"expanded": "Financial market operators"
}, {
"value": "banking",
"expanded": "Banking"
}]
}, {
"predicate": "info-services",
"entry": [{
"value": "e-commerce",
"expanded": "e-commerce platforms"
}, {
"value": "internet-payment",
"expanded": "Internet payment"
}, {
"value": "cloud",
"expanded": "cloud computing"
}, {
"value": "search-engines",
"expanded": "search engines"
}, {
"value": "socnet",
"expanded": "social networks"
}, {
"value": "app-stores",
"expanded": "application stores"
}]
}, {
"predicate": "public-admin",
"entry": [{
"value": "public-admin",
"expanded": "Public Administrations"
}]
}]
"namespace": "eu-marketop-and-publicadmin",
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive",
"version": 1,
"predicates": [
{
"value": "critical-infra-operators",
"expanded": "Critical Infrastructure Operators"
},
{
"value": "info-services",
"expanded": "Information Society services enablers"
},
{
"value": "public-admin",
"expanded": "Public administration"
}
],
"values": [
{
"predicate": "critical-infra-operators",
"entry": [
{
"value": "transport",
"expanded": "Transport"
},
{
"value": "energy",
"expanded": "Energy"
},
{
"value": "health",
"expanded": "Health"
},
{
"value": "financial",
"expanded": "Financial market operators"
},
{
"value": "banking",
"expanded": "Banking"
}
]
},
{
"predicate": "info-services",
"entry": [
{
"value": "e-commerce",
"expanded": "e-commerce platforms"
},
{
"value": "internet-payment",
"expanded": "Internet payment"
},
{
"value": "cloud",
"expanded": "cloud computing"
},
{
"value": "search-engines",
"expanded": "search engines"
},
{
"value": "socnet",
"expanded": "social networks"
},
{
"value": "app-stores",
"expanded": "application stores"
}
]
},
{
"predicate": "public-admin",
"entry": [
{
"value": "public-admin",
"expanded": "Public Administrations"
}
]
}
]
}

334
europol-incident/machinetag.json

@ -1,195 +1,195 @@
{
"version": 1,
"description": "This taxonomy was designed to describe the type of incidents by class.",
"expanded": "Europol class of incidents taxonomy",
"namespace": "europol-incident",
"predicates": [
{
"value": "malware",
"expanded": "Malware"
},
{
"value": "availability",
"expanded": "Availability"
},
"version": 1,
"description": "This taxonomy was designed to describe the type of incidents by class.",
"expanded": "Europol class of incidents taxonomy",
"namespace": "europol-incident",
"predicates": [
{
"value": "malware",
"expanded": "Malware"
},
{
"value": "availability",
"expanded": "Availability"
},
{
"value": "information-gathering",
"expanded": "Gathering of information"
},
{
"value": "intrusion-attempt",
"expanded": "Intrusion attempt"
},
{
"value": "intrusion",
"expanded": "Intrusion"
},
{
"value": "information-security",
"expanded": "Information security"
},
{
"value": "fraud",
"expanded": "Fraud"
},
{
"value": "abusive-content",
"expanded": "Abusive content"
},
{
"value": "other",
"expanded": "Other"
}
],
"values": [
{
"predicate": "malware",
"entry": [
{
"value": "infection",
"expanded": "Infection",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "distribution",
"expanded": "Distribution",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "c&c",
"expanded": "C&C",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "undetermined",
"expanded": "Undetermined"
}
]
},
{
"predicate": "availability",
"entry": [
{
"value": "information-gathering",
"expanded": "Gathering of information"
"value": "dos-ddos",
"expanded": "DoS/DDoS",
"description": "Disruption of the processing and response capacity of systems and networks in order to render them inoperative."
},
{
"value": "intrusion-attempt",
"expanded": "Intrusion attempt"
},
"value": "sabotage",
"expanded": "Sabotage",
"description": "Premeditated action to damage a system, interrupt a process, change or delete information, etc."
}
]
},
{
"predicate": "information-gathering",
"entry": [
{
"value": "intrusion",
"expanded": "Intrusion"
"value": "scanning",
"expanded": "Scanning",
"description": "Active and passive gathering of information on systems or networks."
},
{
"value": "information-security",
"expanded": "Information security"
"value": "sniffing",
"expanded": "Sniffing",
"description": "Unauthorised monitoring and reading of network traffic."
},
{
"value": "fraud",
"expanded": "Fraud"
},
"value": "phishing",
"expanded": "Phishing",
"description": "Attempt to gather information on a user or a system through phishing methods."
}
]
},
{
"predicate": "intrusion-attempt",
"entry": [
{
"value": "abusive-content",
"expanded": "Abusive content"
"value": "exploitation-vulnerability",
"expanded": "Exploitation of vulnerability",
"description": "Attempt to intrude by exploiting a vulnerability in a system, component or network."
},
{
"value": "other",
"expanded": "Other"
"value": "login-attempt",
"expanded": "Login attempt",
"description": "Attempt to log in to services or authentication / access control mechanisms."
}
],
"values": [
{
"predicate": "malware",
"entry": [
{
"value": "infection",
"expanded": "Infection",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "distribution",
"expanded": "Distribution",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "c&c",
"expanded": "C&C",
"description": "Infecting one or various systems with a specific type of malware."
},
{
"value": "undetermined",
"expanded": "Undetermined"
}
]
},
]
},
{
"predicate": "intrusion",
"entry": [
{
"predicate": "availability",
"entry": [
{
"value": "dos-ddos",
"expanded": "DoS/DDoS",
"description": "Disruption of the processing and response capacity of systems and networks in order to render them inoperative."
},
{
"value": "sabotage",
"expanded": "Sabotage",
"description": "Premeditated action to damage a system, interrupt a process, change or delete information, etc."
}
]
"value": "exploitation-vulnerability",
"expanded": "Exploitation of vulnerability",
"description": "Actual intrusion by exploiting a vulnerability in the system, component or network."
},
{
"predicate": "information-gathering",
"entry": [
{
"value": "scanning",
"expanded": "Scanning",
"description": "Active and passive gathering of information on systems or networks."
},
{
"value": "sniffing",
"expanded": "Sniffing",
"description": "Unauthorised monitoring and reading of network traffic."
},
{
"value": "phishing",
"expanded": "Phishing",
"description": "Attempt to gather information on a user or a system through phishing methods."
}
]
},
"value": "compromising-account",
"expanded": "Compromising an account",
"description": "Actual intrusion in a system, component or network by compromising a user or administrator account."
}
]
},
{
"predicate": "information-security",
"entry": [
{
"predicate": "intrusion-attempt",
"entry": [
{
"value": "exploitation-vulnerability",
"expanded": "Exploitation of vulnerability",
"description": "Attempt to intrude by exploiting a vulnerability in a system, component or network."
},
{
"value": "login-attempt",
"expanded": "Login attempt",
"description": "Attempt to log in to services or authentication / access control mechanisms."
}
]
"value": "unauthorized-access",
"expanded": "Unauthorised access",
"description": "Unauthorised access to a particular set of information"
},
{
"predicate": "intrusion",
"entry": [
{
"value": "exploitation-vulnerability",
"expanded": "Exploitation of vulnerability",
"description": "Actual intrusion by exploiting a vulnerability in the system, component or network."
},
{
"value": "compromising-account",
"expanded": "Compromising an account",
"description": "Actual intrusion in a system, component or network by compromising a user or administrator account."
}
]
},
"value": "unauthorized-modification",
"expanded": "Unauthorised modification/deletion",
"description": "Unauthorised change or elimination of a particular set of information"
}
]
},
{
"predicate": "fraud",
"entry": [
{
"predicate": "information-security",
"entry": [
{
"value": "unauthorized-access",
"expanded": "Unauthorised access",
"description": "Unauthorised access to a particular set of information"
},
{
"value": "unauthorized-modification",
"expanded": "Unauthorised modification/deletion",
"description": "Unauthorised change or elimination of a particular set of information"
}
]
"value": "illegitimate-use-resources",
"expanded": "Misuse or unauthorised use of resources",
"description": "Use of institutional resources for purposes other than those intended."
},
{
"predicate": "fraud",
"entry": [
{
"value": "illegitimate-use-resources",
"expanded": "Misuse or unauthorised use of resources",
"description": "Use of institutional resources for purposes other than those intended."
},
{
"value": "illegitimate-use-name",
"expanded": "Illegitimate use of the name of a third party",
"description": "Use of the name of an institution without permission to do so."
}
]
"value": "illegitimate-use-name",
"expanded": "Illegitimate use of the name of a third party",
"description": "Use of the name of an institution without permission to do so."
}
]
},
{
"predicate": "abusive-content",
"entry": [
{
"value": "spam",
"expanded": "SPAM",
"description": " Sending SPAM messages."
},
{
"predicate": "abusive-content",
"entry": [
{
"value": "spam",
"expanded": "SPAM",
"description": " Sending SPAM messages."
},
{
"value": "copyright",
"expanded": "Copyright",
"description": "Distribution and sharing of copyright protected content."
},
{
"value": "content-forbidden-by-law",
"expanded": "Dissemination of content forbidden by law.",
"description": "Child pornography, racism and apology of violence."
}
]
"value": "copyright",
"expanded": "Copyright",
"description": "Distribution and sharing of copyright protected content."
},
{
"predicate": "other",
"entry": [
{
"value": "other",
"expanded": "Other",
"description": " Other type of unspecified incident"
}
]
"value": "content-forbidden-by-law",
"expanded": "Dissemination of content forbidden by law.",
"description": "Child pornography, racism and apology of violence."
}
]
},
{
"predicate": "other",
"entry": [
{
"value": "other",
"expanded": "Other",
"description": " Other type of unspecified incident"
}
]
]
}
]
}
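Review bot: The `distribution` and `c&c` entries under the `malware` predicate carry the `infection` description verbatim ("Infecting one or various systems with a specific type of malware."), so three distinct tags document themselves identically once the taxonomy is rendered in MISP. The wording should be taken from the Europol source this file is transcribed from rather than invented here; as placeholders, something like `"description": "Distribution of malware to one or various systems."` for `distribution` and `"description": "Command-and-control activity used to operate infected systems."` for `c&c` would at least stop the three from being indistinguishable. Since the commit already rewrites the whole file, bumping `"version"` when the text is corrected keeps consumers' cached copies from drifting.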

27
information-security-indicators/machinetag.json

@ -139,7 +139,8 @@
"description": "This indicator measures illicit entrance of individuals into security perimeter."
}
]
},{
},
{
"predicate": "IMF",
"entry": [
{
@ -188,7 +189,8 @@
"description": "This indicator primarily relates to Personal Identifiable Information (PII) protected by privacy laws, to information falling under the PCI-DSS regulation, to information falling under European regulation in the area of breach notification (Telcos and ISPs to begin with), and to information about electronic exchanges between employees and the exterior (electronic messaging and Internet connection). This indicator does not include possible difficulties pertaining to proof forwarding from field operations to governance (state-of-the-art unavailable). This indicator is a sub-set of indicator IMF_LOG.1, but can be identical to this one in advanced organizations."
}
]
},{
},
{
"predicate": "IDB",
"entry": [
{
@ -247,7 +249,8 @@
"description": "This event is generally decided and deployed by an administrator in order to improve performance of the system under his/her responsibility (illicit voluntary stoppage). This indicator is a reduced subset of indicator IUS_RGH.5"
}
]
},{
},
{
"predicate": "IWH",
"entry": [
{
@ -281,7 +284,8 @@
"description": "This indicator measures security incidents tied to assets (on servers) non-inventoried and not managed by appointed teams. It is a key indicator insofar as a high percentage of incidents corresponds with this indicator on average in the profession (according to some public surveys)."
}
]
},{
},
{
"predicate": "VBH",
"entry": [
{
@ -400,7 +404,8 @@
"description": "This vulnerability applies to discussions through on-line media leading to leakage of personal identifiable information (PII) or various business details to be used later (notably for identity usurpation) "
}
]
},{
},
{
"predicate": "VSW",
"entry": [
{
@ -419,7 +424,8 @@
"description": "This indicators measures software vulnerabilities detected in Web browsers running on workstations."
}
]
},{
},
{
"predicate": "VCF",
"entry": [
{
@ -473,7 +479,8 @@
"description": "This indicator measures accounts inactive for at least 2 months that have not been disabled. These accounts are not used by their users due to prolonged but not definitive absence (long term illness, maternity, etc.), with the exclusion of messaging accounts (which should remain accessible to users from their home)."
}
]
},{
},
{
"predicate": "VTC",
"entry": [
{
@ -507,7 +514,8 @@
"description": "This indicator includes access to protected internal areas. The 1st cause is the lack of effective control of users at software level. The 2nd cause is hardware breakdown of a component in the chain."
}
]
},{
},
{
"predicate": "VOR",
"entry": [
{
@ -556,7 +564,8 @@
"description": "This indicator measures the launch of new IT projects of a standard type without identification of vulnerabilities and threats and of related security measures. For these IT projects, potential implementation of a simplified risk analysis method or of pre-defined security profiles can be applied."
}
]
},{
},
{
"predicate": "IMP",
"entry": [
{

2
jq_all_the_things.sh

@ -5,7 +5,7 @@ set -x
# Seeds sponge, from moreutils
for dir in ./*/list.json
for dir in ./*/machinetag.json
do
cat ${dir} | jq . | sponge ${dir}
done
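Review bot: Piping `jq .` into `sponge ${dir}` truncates a taxonomy file to empty whenever jq rejects its input, because sponge writes whatever it received (nothing, on a parse error) regardless of jq's exit status, and a plain pipeline's status is sponge's, so even `set -e` (not visible in this hunk; only `set -x` is) would not stop the loop. Writing to a temporary file and renaming only on success avoids the data loss, and quoting the variable keeps paths with spaces intact: `jq . "${dir}" > "${dir}.tmp" && mv "${dir}.tmp" "${dir}"`. Note also that `./*/machinetag.json` is passed through literally when nothing matches; a `[ -f "${dir}" ] || continue` guard (or `shopt -s nullglob` if this is bash) covers that case. The rest of the script is outside the hunk.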

5
malware_classification/machinetag.json

@ -57,8 +57,8 @@
"expanded": "Spyware"
},
{
"value": "Botnet",
"expanded": "Botnet"
"value": "Botnet",
"expanded": "Botnet"
}
]
},
@ -163,4 +163,3 @@
}
]
}

50
misp/machinetag.json

@ -19,17 +19,17 @@
"predicate": "api"
},
{
"predicate": "contributor",
"entry": [
"predicate": "contributor",
"entry": [
{
"expanded": "OpenPGP Fingerprint",
"value": "pgpfingerprint"
}
]
]
},
{
"predicate": "confidence-level",
"entry": [
"predicate": "confidence-level",
"entry": [
{
"expanded": "Completely confident",
"value": "completely-confident",
@ -59,36 +59,36 @@
"expanded": "Confidence cannot be evaluated",
"value": "confidence-cannot-be-evalued"
}
]
]
},
{
"predicate": "threat-level",
"entry": [
"predicate": "threat-level",
"entry": [
{
"expanded": "No risk",
"value": "no-risk",
"numerical_value": 0,
"description": "Harmless information. (CEUS threat level)"
"expanded": "No risk",
"value": "no-risk",
"numerical_value": 0,
"description": "Harmless information. (CEUS threat level)"
},
{
"expanded": "Low risk",
"value": "low-risk",
"numerical_value": 25,
"description": "Low risk which can include mass-malware. (CEUS threat level)"
"expanded": "Low risk",
"value": "low-risk",
"numerical_value": 25,
"description": "Low risk which can include mass-malware. (CEUS threat level)"
},
{
"expanded": "Medium risk",
"value": "medium-risk",
"numerical_value": 50,
"description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)"
"expanded": "Medium risk",
"value": "medium-risk",
"numerical_value": 50,
"description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)"
},
{
"expanded": "High risk",
"value": "high-risk",
"numerical_value": 100,
"description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)"
"expanded": "High risk",
"value": "high-risk",
"numerical_value": 100,
"description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)"
}
]
]
}
],
"predicates": [

138
passivetotal/machinetag.json

@ -1,86 +1,86 @@
{
"namespace" : "passivetotal",
"expanded" : "PassiveTotal",
"description": "Tags from RiskIQ's PassiveTotal service",
"version" : 1,
"predicates": [
"namespace": "passivetotal",
"expanded": "PassiveTotal",
"description": "Tags from RiskIQ's PassiveTotal service",
"version": 1,
"predicates": [
{
"value": "sinkholed",
"expanded": "Sinkhole Status"
},
{
"value": "ever-comprimised",
"expanded": "Ever Comprimised?"
},
{
"value": "class",
"expanded": "Classification"
},
{
"value": "dynamic-dns",
"expanded": "Dynamic DNS"
}
],
"values": [
{
"predicate": "sinkholed",
"entry": [
{
"value" : "sinkholed",
"expanded": "Sinkhole Status"
"value": "yes",
"expanded": "Yes"
},
{
"value" : "ever-comprimised",
"expanded" : "Ever Comprimised?"
"value": "no",
"expanded": "No"
}
]
},
{
"predicate": "ever-comprimised",
"entry": [
{
"value": "yes",
"expanded": "Yes"
},
{
"value" : "class",
"expanded" : "Classification"
"value": "no",
"expanded": "No"
}
]
},
{
"predicate": "dynamic-dns",
"entry": [
{
"value": "yes",
"expanded": "Yes"
},
{
"value" : "dynamic-dns",
"expanded": "Dynamic DNS"
"value": "no",
"expanded": "No"
}
],
"values" : [
{
"predicate" : "sinkholed",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
]
},
{
"predicate": "class",
"entry": [
{
"value": "malicious",
"expanded": "Malicious"
},
{
"predicate" : "ever-comprimised",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
"value": "suspicious",
"expanded": "Malicious"
},
{
"predicate" : "dynamic-dns",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
"value": "non-malicious",
"expanded": "Non Malicious"
},
{
"predicate" : "class",
"entry" : [
{
"value" : "malicious",
"expanded" : "Malicious"
},
{
"value" : "suspicious",
"expanded": "Malicious"
},
{
"value": "non-malicious",
"expanded": "Non Malicious"
},
{
"value" : "unknown",
"expanded" : "Unknown"
}
]
"value": "unknown",
"expanded": "Unknown"
}
]
]
}
]
}
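Review bot: In the `class` predicate the `suspicious` entry is expanded as "Malicious", so the suspicious and malicious classifications are indistinguishable in any UI that shows the expanded label; it should read `"expanded": "Suspicious"`. The predicate `ever-comprimised` (and its expanded "Ever Comprimised?") misspells "compromised" in both places; the expanded label can be corrected to `"expanded": "Ever Compromised?"` safely, but the `value` is the machine tag itself, so renaming it would orphan tags already applied to events and should be done as a deliberate migration, not as part of a reformat. Either fix warrants bumping `"version"` here and in MANIFEST.json, whose description ("Tags for RiskIQ's passivetotal service") also differs from this file's ("Tags from RiskIQ's PassiveTotal service").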

225
stix-ttp/machinetag.json

@ -1,115 +1,114 @@
{
"namespace": "stix-ttp",
"expanded": "STIX TTP",
"version": 1,
"description": "TTPs are representations of the behavior or modus operandi of cyber adversaries.",
"refs": [
"http://stixproject.github.io/documentation/idioms/industry-sector/"
],
"predicates": [
{
"value": "victim-targeting",
"expanded": "Victim Targeting"
}
],
"values": [
{
"predicate": "victim-targeting",
"entry": [
{
"value": "business-professional-sector",
"expanded": "Business & Professional Services Sector"
},
{
"value": "retail-sector",
"expanded": "Retail Sector"
},
{
"value": "financial-sector",
"expanded": "Financial Services Sector"
},
{
"value": "media-entertainment-sector",
"expanded": "Media & Entertainment Sector"
},
{
"value": "construction-engineering-sector",
"expanded": "Construction & Engineering Sector"
},
{
"value": "government-international-organizations-sector",
"expanded": "Goverment & International Organizations"
},
{
"value": "legal-sector",
"expanded": "Legal Services"
},
{
"value": "hightech-it-sector",
"expanded": "High-Tech & IT Sector"
},
{
"value": "healthcare-sector",
"expanded": "Healthcare Sector"
},
{
"value": "transportation-sector",
"expanded": "Transportation Sector"
},
{
"value": "aerospace-defence-sector",
"expanded": "Aerospace & Defense Sector"
},
{
"value": "energy-sector",
"expanded": "Energy Sector"
},
{
"value": "food-sector",
"expanded": "Food Sector"
},
{
"value": "natural-resources-sector",
"expanded": "Natural Resources Sector"
},
{
"value": "other-sector",
"expanded": "Other Sector"
},
{
"value": "corporate-employee-information",
"expanded": "Corporate Employee Information"
},
{
"value": "customer-pii",
"expanded": "Customer PII"
},
{
"value": "email-lists-archives",
"expanded": "Email Lists/Archives"
},
{
"value": "financial-data",
"expanded": "Financial Data"
},
{
"value": "intellectual-property",
"expanded": "Intellectual Property"
},
{
"value": "mobile-phone-contacts",
"expanded": "Mobile Phone Contacts"
},
{
"value": "user-credentials",
"expanded": "User Credentials"
},
{
"value": "authentification-cookies",
"expanded": "Authentication Cookies"
}
]
}
]
"namespace": "stix-ttp",
"expanded": "STIX TTP",
"version": 1,
"description": "TTPs are representations of the behavior or modus operandi of cyber adversaries.",
"refs": [
"http://stixproject.github.io/documentation/idioms/industry-sector/"
],
"predicates": [
{
"value": "victim-targeting",
"expanded": "Victim Targeting"
}
],
"values": [
{
"predicate": "victim-targeting",
"entry": [
{
"value": "business-professional-sector",
"expanded": "Business & Professional Services Sector"
},
{
"value": "retail-sector",
"expanded": "Retail Sector"
},
{
"value": "financial-sector",
"expanded": "Financial Services Sector"
},
{
"value": "media-entertainment-sector",
"expanded": "Media & Entertainment Sector"
},
{
"value": "construction-engineering-sector",
"expanded": "Construction & Engineering Sector"
},
{
"value": "government-international-organizations-sector",
"expanded": "Goverment & International Organizations"
},
{
"value": "legal-sector",
"expanded": "Legal Services"
},
{
"value": "hightech-it-sector",
"expanded": "High-Tech & IT Sector"
},
{
"value": "healthcare-sector",
"expanded": "Healthcare Sector"
},
{
"value": "transportation-sector",
"expanded": "Transportation Sector"
},
{
"value": "aerospace-defence-sector",
"expanded": "Aerospace & Defense Sector"
},
{
"value": "energy-sector",
"expanded": "Energy Sector"
},
{
"value": "food-sector",
"expanded": "Food Sector"
},
{
"value": "natural-resources-sector",
"expanded": "Natural Resources Sector"
},
{
"value": "other-sector",
"expanded": "Other Sector"
},
{
"value": "corporate-employee-information",
"expanded": "Corporate Employee Information"
},
{
"value": "customer-pii",
"expanded": "Customer PII"
},
{
"value": "email-lists-archives",
"expanded": "Email Lists/Archives"
},
{
"value": "financial-data",
"expanded": "Financial Data"
},
{
"value": "intellectual-property",
"expanded": "Intellectual Property"
},
{
"value": "mobile-phone-contacts",
"expanded": "Mobile Phone Contacts"
},
{
"value": "user-credentials",
"expanded": "User Credentials"
},
{
"value": "authentification-cookies",
"expanded": "Authentication Cookies"
}
]
}
]
}
