chg: [phishing] various updates and clarification

- psychological-acceptability predicate added to define the social acceptance of a phishing attack
- report-type and report-origin replaced ambiguous type/report
- distribution predicate added to move distribution out of techniques

Thanks to Bertrand Lathoud and Sascha Rommelfangen for the feedback 
pull/158/head
Alexandre Dulaunoy 2019-08-22 14:36:30 +02:00
parent fe5f95c384
commit 4de846cb60
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 51 additions and 12 deletions

View File

@ -1,7 +1,7 @@
{ {
"namespace": "phishing", "namespace": "phishing",
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.", "description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
"version": 1, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "techniques", "value": "techniques",
@ -9,13 +9,18 @@
"description": "Phishing techniques used." "description": "Phishing techniques used."
}, },
{ {
"value": "reported", "value": "distribution",
"expanded": "Reported", "expanded": "Distribution",
"description": "How the phishing is distributed."
},
{
"value": "report-type",
"expanded": "Report type",
"description": "How the phishing information was reported." "description": "How the phishing information was reported."
}, },
{ {
"value": "origin", "value": "report-origin",
"expanded": "Origin", "expanded": "Report origin",
"description": "Origin or source of the phishing information such as tools or services." "description": "Origin or source of the phishing information such as tools or services."
}, },
{ {
@ -27,6 +32,11 @@
"value": "state", "value": "state",
"expanded": "State", "expanded": "State",
"description": "State of the phishing." "description": "State of the phishing."
},
{
"value": "psychological-acceptability",
"expanded": "Psychological acceptability",
"description": "Quality of the phishing by its level of acceptance by the target."
} }
], ],
"values": [ "values": [
@ -58,6 +68,16 @@
"expanded": "Social engineering search engines abuse", "expanded": "Social engineering search engines abuse",
"description": "Adversary controls the search engine result to get an advantage" "description": "Adversary controls the search engine result to get an advantage"
}, },
{
"value": "sms-phishing",
"expanded": "SMS phishing",
"description": "Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing techniques at a later stage."
}
]
},
{
"predicate": "distribution",
"entry": [
{ {
"value": "spear-phishing", "value": "spear-phishing",
"expanded": "Spear phishing", "expanded": "Spear phishing",
@ -67,16 +87,11 @@
"value": "bulk-phishing", "value": "bulk-phishing",
"expanded": "Bulk phishing", "expanded": "Bulk phishing",
"description": "Adversary attempts to target a large group of potential targets without specific knowledge of the victims." "description": "Adversary attempts to target a large group of potential targets without specific knowledge of the victims."
},
{
"value": "sms-phishing",
"expanded": "SMS phishing",
"description": "Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing techniques at a later stage."
} }
] ]
}, },
{ {
"predicate": "reported", "predicate": "report-type",
"entry": [ "entry": [
{ {
"value": "manual-reporting", "value": "manual-reporting",
@ -91,7 +106,7 @@
] ]
}, },
{ {
"predicate": "origin", "predicate": "report-origin",
"entry": [ "entry": [
{ {
"value": "url-abuse", "value": "url-abuse",
@ -154,6 +169,30 @@
"numerical_value": 0 "numerical_value": 0
} }
] ]
},
{
"predicate": "psychological-acceptability",
"entry": [
{
"value": "unknown",
"expanded": "Phishing acceptance rate is unknown."
},
{
"value": "low",
"expanded": "Phishing acceptance rate is low.",
"numerical_value": 25
},
{
"value": "medium",
"expanded": "Phishing acceptance rate is medium.",
"numerical_value": 50
},
{
"value": "high",
"expanded": "Phishing acceptance rate is high.",
"numerical_value": 75
}
]
} }
] ]
} }