chg: [phishing] various updates and clarification
- psychological-acceptability predicate added to define the social acceptance of a phishing attack
- report-type and report-origin replaced ambiguous type/report
- distribution predicate added to move distribution out of techniques
Thanks to Bertrand Lathoud and Sascha Rommelfangen for the feedback ✨
pull/158/head
parent
fe5f95c384
commit
4de846cb60
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"namespace": "phishing",
|
"namespace": "phishing",
|
||||||
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
|
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
|
||||||
"version": 1,
|
"version": 2,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "techniques",
|
"value": "techniques",
|
||||||
|
@ -9,13 +9,18 @@
|
||||||
"description": "Phishing techniques used."
|
"description": "Phishing techniques used."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "reported",
|
"value": "distribution",
|
||||||
"expanded": "Reported",
|
"expanded": "Distribution",
|
||||||
|
"description": "How the phishing is distributed."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "report-type",
|
||||||
|
"expanded": "Report type",
|
||||||
"description": "How the phishing information was reported."
|
"description": "How the phishing information was reported."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "origin",
|
"value": "report-origin",
|
||||||
"expanded": "Origin",
|
"expanded": "Report origin",
|
||||||
"description": "Origin or source of the phishing information such as tools or services."
|
"description": "Origin or source of the phishing information such as tools or services."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -27,6 +32,11 @@
|
||||||
"value": "state",
|
"value": "state",
|
||||||
"expanded": "State",
|
"expanded": "State",
|
||||||
"description": "State of the phishing."
|
"description": "State of the phishing."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "psychological-acceptability",
|
||||||
|
"expanded": "Psychological acceptability",
|
||||||
|
"description": "Quality of the phishing by its level of acceptance by the target."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"values": [
|
"values": [
|
||||||
|
@ -58,6 +68,16 @@
|
||||||
"expanded": "Social engineering search engines abuse",
|
"expanded": "Social engineering search engines abuse",
|
||||||
"description": "Adversary controls the search engine result to get an advantage"
|
"description": "Adversary controls the search engine result to get an advantage"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"value": "sms-phishing",
|
||||||
|
"expanded": "SMS phishing",
|
||||||
|
"description": "Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing techniques at a later stage."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "distribution",
|
||||||
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "spear-phishing",
|
"value": "spear-phishing",
|
||||||
"expanded": "Spear phishing",
|
"expanded": "Spear phishing",
|
||||||
|
@ -67,16 +87,11 @@
|
||||||
"value": "bulk-phishing",
|
"value": "bulk-phishing",
|
||||||
"expanded": "Bulk phishing",
|
"expanded": "Bulk phishing",
|
||||||
"description": "Adversary attempts to target a large group of potential targets without specific knowledge of the victims."
|
"description": "Adversary attempts to target a large group of potential targets without specific knowledge of the victims."
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "sms-phishing",
|
|
||||||
"expanded": "SMS phishing",
|
|
||||||
"description": "Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing techniques at a later stage."
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "reported",
|
"predicate": "report-type",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "manual-reporting",
|
"value": "manual-reporting",
|
||||||
|
@ -91,7 +106,7 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "origin",
|
"predicate": "report-origin",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "url-abuse",
|
"value": "url-abuse",
|
||||||
|
@ -154,6 +169,30 @@
|
||||||
"numerical_value": 0
|
"numerical_value": 0
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "psychological-acceptability",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "unknown",
|
||||||
|
"expanded": "Phishing acceptance rate is unknown."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "low",
|
||||||
|
"expanded": "Phishing acceptance rate is low.",
|
||||||
|
"numerical_value": 25
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "medium",
|
||||||
|
"expanded": "Phishing acceptance rate is medium.",
|
||||||
|
"numerical_value": 50
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "high",
|
||||||
|
"expanded": "Phishing acceptance rate is high.",
|
||||||
|
"numerical_value": 75
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue