Introducing STIX-TTP Taxonomy
The STIX-TTP taxonomy follows the STIX model to handle the classification of event TTPs. This version covers both Victim Trageting by Sector and Victim Targeting by Information Type.pull/54/head
Georges Bossert
parent
40d96b6f2d
commit
5ca99f3505
|
|
@ -33,6 +33,7 @@ The following taxonomies are described:
|
|||
- [NATO Classification Marking](./nato)
|
||||
- [Open Threat Taxonomy v1.1 (SANS)](./open_threat)
|
||||
- [OSINT Open Source Intelligence - Classification](./osint)
|
||||
- [STIX-TTP](./stix-ttp) - Represents the behavior or modus operandi of cyber adversaries as normalized in STIX
|
||||
- [Stealth Malware Taxonomy as defined by Joanna Rutkowska](./stealth-malware)
|
||||
- [The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.](./PAP)
|
||||
- [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer.](./targeted-threat-index)
|
||||
|
|
@ -124,6 +125,10 @@ Marking of Classified and Unclassified materials as described by the North Atlan
|
|||
|
||||
Open Threat Taxonomy v1.1 base on James Tarala of SANS [ref](http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf).
|
||||
|
||||
### [STIX-TTP](./stix-ttp)
|
||||
|
||||
STIX-TTP exposes a set classification tools that represents the behavior or modus operandi of cyber adversaries as normalized in STIX. TTPs consist of the specific adversary behavior (attack patterns, malware, exploits) exhibited, resources leveraged (tools, infrastructure, personas), information on the victims targeted (who, what or where), relevant ExploitTargets being targeted, intended effects, relevant kill chain phases, handling guidance, source of the TTP information, etc.
|
||||
|
||||
### [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer.](./targeted-threat-index)
|
||||
|
||||
The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [More info about TTI](https://citizenlab.org/2013/10/targeted-threat-index/).
|
||||
|
|
|
|||
|
|
@ -0,0 +1,115 @@
|
|||
{
|
||||
"namespace": "stix-ttp",
|
||||
"expanded": "STIX TTP",
|
||||
"version": 1,
|
||||
"description": "TTPs are representations of the behavior or modus operandi of cyber adversaries.",
|
||||
"refs": [
|
||||
"http://stixproject.github.io/documentation/idioms/industry-sector/"
|
||||
],
|
||||
"predicates": [
|
||||
{
|
||||
"value": "victim-targeting",
|
||||
"expanded": "Victim Targeting"
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
{
|
||||
"predicate": "victim-targeting",
|
||||
"entry": [
|
||||
{
|
||||
"value": "business-professional-sector",
|
||||
"expanded": "Business & Professional Services Sector"
|
||||
},
|
||||
{
|
||||
"value": "retail-sector",
|
||||
"expanded": "Retail Sector"
|
||||
},
|
||||
{
|
||||
"value": "financial-sector",
|
||||
"expanded": "Financial Services Sector"
|
||||
},
|
||||
{
|
||||
"value": "media-entertainment-sector",
|
||||
"expanded": "Media & Entertainment Sector"
|
||||
},
|
||||
{
|
||||
"value": "construction-engineering-sector",
|
||||
"expanded": "Construction & Engineering Sector"
|
||||
},
|
||||
{
|
||||
"value": "government-international-organizations-sector",
|
||||
"expanded": "Goverment & International Organizations"
|
||||
},
|
||||
{
|
||||
"value": "legal-sector",
|
||||
"expanded": "Legal Services"
|
||||
},
|
||||
{
|
||||
"value": "hightech-it-sector",
|
||||
"expanded": "High-Tech & IT Sector"
|
||||
},
|
||||
{
|
||||
"value": "healthcare-sector",
|
||||
"expanded": "Healthcare Sector"
|
||||
},
|
||||
{
|
||||
"value": "transportation-sector",
|
||||
"expanded": "Transportation Sector"
|
||||
},
|
||||
{
|
||||
"value": "aerospace-defence-sector",
|
||||
"expanded": "Aerospace & Defense Sector"
|
||||
},
|
||||
{
|
||||
"value": "energy-sector",
|
||||
"expanded": "Energy Sector"
|
||||
},
|
||||
{
|
||||
"value": "food-sector",
|
||||
"expanded": "Food Sector"
|
||||
},
|
||||
{
|
||||
"value": "natural-resources-sector",
|
||||
"expanded": "Natural Resources Sector"
|
||||
},
|
||||
{
|
||||
"value": "other-sector",
|
||||
"expanded": "Other Sector"
|
||||
},
|
||||
|
||||
{
|
||||
"value": "corporate-employee-information",
|
||||
"expanded": "Corporate Employee Information"
|
||||
},
|
||||
{
|
||||
"value": "customer-pii",
|
||||
"expanded": "Customer PII"
|
||||
},
|
||||
{
|
||||
"value": "email-lists-archives",
|
||||
"expanded": "Email Lists/Archives"
|
||||
},
|
||||
{
|
||||
"value": "financial-data",
|
||||
"expanded": "Financial Data"
|
||||
},
|
||||
{
|
||||
"value": "intellectual-property",
|
||||
"expanded": "Intellectual Property"
|
||||
},
|
||||
{
|
||||
"value": "mobile-phone-contacts",
|
||||
"expanded": "Mobile Phone Contacts"
|
||||
},
|
||||
{
|
||||
"value": "user-credentials",
|
||||
"expanded": "User Credentials"
|
||||
},
|
||||
{
|
||||
"value": "authentification-cookies",
|
||||
"expanded": "Authentication Cookies"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
Loading…
Reference in New Issue