MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'main' of github.com:misp/misp-taxonomies

pull/265/head
Christian Studer 2023-05-26 11:46:42 +02:00
parent 7222d44107 46e4128897
commit 6b77005beb
9 changed files with 408 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/nosetests.yml vendored
View File

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.6', '3.7', '3.8', '3.9', '3.10']
python-version: [3.8, 3.9, '3.10']
steps:

11
MANIFEST.json
View File

@ -169,9 +169,9 @@
"version": 1
},
{
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
"description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
"name": "dark-web",
"version": 4
"version": 5
},
{
"description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
@ -413,6 +413,11 @@
"name": "infoleak",
"version": 7
},
{
"description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
"name": "information-origin",
"version": 2
},
{
"description": "Taxonomy to classify the information security data sources.",
"name": "information-security-data-source",
@ -735,5 +740,5 @@
}
],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
"version": "20221202"
"version": "20230514"
}

15
README.md
View File

@ -82,6 +82,11 @@ A pre-approved category of action for indicators being shared with partners (MIM
[artificial-satellites](https://github.com/MISP/misp-taxonomies/tree/main/artificial-satellites) :
This taxonomy was designed to describe artificial satellites [Overview](https://www.misp-project.org/taxonomies.html#_artificial_satellites)
### aviation
[aviation](https://github.com/MISP/misp-taxonomies/tree/main/aviation) :
A taxonomy describing security threats or incidents against the aviation sector. [Overview](https://www.misp-project.org/taxonomies.html#_aviation)
### binary-class
[binary-class](https://github.com/MISP/misp-taxonomies/tree/main/binary-class) :
@ -502,6 +507,11 @@ classification for the identification of type of misinformation among websites.
[misp](https://github.com/MISP/misp-taxonomies/tree/main/misp) :
MISP taxonomy to infer with MISP behavior or operation. [Overview](https://www.misp-project.org/taxonomies.html#_misp)
### misp-workflow
[misp-workflow](https://github.com/MISP/misp-taxonomies/tree/main/misp-workflow) :
MISP workflow taxonomy to support result of workflow execution. [Overview](https://www.misp-project.org/taxonomies.html#_misp_workflow)
### monarc-threat
[monarc-threat](https://github.com/MISP/misp-taxonomies/tree/main/monarc-threat) :
@ -632,6 +642,11 @@ Flags describing the sample for isotopic data (C14, O18) [Overview](https://www.
[scrippsco2-sampling-stations](https://github.com/MISP/misp-taxonomies/tree/main/scrippsco2-sampling-stations) :
Sampling stations of the Scripps CO2 Program [Overview](https://www.misp-project.org/taxonomies.html#_scrippsco2_sampling_stations)
### sentinel-threattype
[sentinel-threattype](https://github.com/MISP/misp-taxonomies/tree/main/sentinel-threattype) :
Sentinel indicator threat types. [Overview](https://www.misp-project.org/taxonomies.html#_sentinel_threattype)
### smart-airports-threats
[smart-airports-threats](https://github.com/MISP/misp-taxonomies/tree/main/smart-airports-threats) :

206
aviation/machinetag.json
View File

@ -1,31 +1,31 @@
{
"predicates": [
{
"expanded": "Target Sub Systems",
"value": "target-sub-systems"
"expanded": "Target",
"value": "target"
},
{
"expanded": "Target systems",
"value": "target-systems"
},
{
"expanded": "Target Sub Systems",
"value": "target-sub-systems"
},
{
"value": "impact",
"expanded": "Impact",
"exclusive": true
},
{
"expanded": "Target",
"value": "target"
},
{
"expanded": "Mission Critical",
"value": "mission-critical"
},
{
"value": "likelihood",
"expanded": "Likelihood",
"exclusive": true
},
{
"expanded": "Criticality",
"value": "criticality"
},
{
"value": "certainty",
"expanded": "Certainty",
@ -39,42 +39,55 @@
{
"predicate": "target",
"entry": [
{
"value": "airline",
"expanded": "airline",
"description": "airlines or airline groups"
},
{
"value": "airspace users",
"expanded": "Airspace Users",
"description": "Airspace users including airlines"
"description": "Airspace users other than airlines like drone, helicopter, baloon operators"
},
{
"value": "airport",
"expanded": "Airport"
"expanded": "Airport",
"description": "Airports or airport operators"
},
{
"value": "air-navigation-service-provider",
"expanded": "Air Navigation Service Provider"
"value": "ansp",
"expanded": "Air Navigation Service Provider",
"description": "Air Navigation Service Provider who is managing the airspace of a country or a specific region"
},
{
"value": "international-association",
"expanded": "International Association"
"expanded": "International Association",
"description": "International associations related with aviation sector"
},
{
"value": "civil-aviation-authority",
"expanded": "Civil Aviation Authority"
"value": "caa",
"expanded": "Civil Aviation Authority",
"description": "Civil Aviation Authority who is responsible for regulation the aviation of a country"
},
{
"value": "manufacturer",
"expanded": "Manufacturer"
"expanded": "Manufacturer",
"description": "Manufacturers who produce aircrafts,aircraft or ATM related components"
},
{
"value": "service-provider",
"expanded": "Service Provider"
"expanded": "Service Provider",
"description": "Service providers who provide different services to the aviation stakeholders"
},
{
"value": "network-manager",
"expanded": "Network Manager"
"expanded": "Network Manager",
"description": "Network Manager manages ATM network functions (airspace design, flow management) as well as scarce resources"
},
{
"value": "military",
"expanded": "Military"
"expanded": "Military",
"description": "Military aviation"
}
]
},
@ -83,148 +96,168 @@
"entry": [
{
"value": "ATM",
"expanded": "ATM - Air Traffic Management"
"expanded": "ATM - Air Traffic Management",
"description": "Air traffic management systems which manage airspace"
},
{
"value": "AIS",
"expanded": "AIS - Aeronautical Information Service"
"expanded": "AIS - Aeronautical Information Service",
"description": "Aeronatutical Infromation Service whose objective is to ensure the flow of aeronautical information and data necessary for the safety, regularity and efficiency of international air navigation"
},
{
"value": "MET",
"expanded": "MET - Meteorological Service"
"expanded": "MET - Meteorological Service",
"description": "Meteorological service which provides meteo data to the airspace users"
},
{
"value": "SAR",
"expanded": "SAR - Search and Rescue"
"expanded": "SAR - Search and Rescue",
"description": "Search and rescue (SAR) service is provided to the survivors of aircraft accidents as well as aircraft in distress (and their occupants) regardless of their nationality"
},
{
"value": "CNS",
"expanded": "CNS - Communication, Navigation and Surveillance"
"expanded": "CNS - Communication, Navigation and Surveillance",
"description": "The main functions of ATM: Communication, Navigation and Surveillance"
},
{
"value": "airport-management-systems",
"expanded": "Airport Management Systems"
"expanded": "Airport Management Systems",
"description": "Airport IT and OT systems that manage airport internal operations"
},
{
"value": "airport-online-services",
"expanded": "Airport Online Services"
"expanded": "Airport Online Services",
"description": "Airport online service that helps external users to reach airport services"
},
{
"value": "airport-fids-systems",
"expanded": "Airport FIDS systems"
"expanded": "Airport Flight Information Display Systems",
"description": "Airport Flight Information Display Systems that guide the passangers about flights"
},
{
"value": "airline-management-systems",
"expanded": "Airline Management Systems"
"expanded": "Airline Management Systems",
"description": "Airline Management Systems that manage airline intenal operations"
},
{
"value": "airline-online-services",
"expanded": "Airline Online Services"
"expanded": "Airline Online Services",
"description": "Airline Online Services that helps external users to reach airlines services"
}
]
},
{
"predicate": "target-sub-systems",
"entry": [
{
"value": "ATM:NewPENS",
"expanded": "ATM New PENS(Pan-European Network Service)",
"description": "ATM New PENS(Pan-European Network Service) which is private network for aviation stakeholders"
},
{
"value": "ATM:SWIM",
"expanded": "ATM SWIM(Sytem Wide Information Management)",
"description": "ATM SWIM(System Wide Information Management) is the system that enables seamless information access and interchange between all providers and users of ATM information and services"
},
{
"value": "ATM:ATS:ATC",
"expanded": "ATM ATS ATC - Air Traffic Control"
"expanded": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control",
"description": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control systems"
},
{
"value": "ATM:ATS:FIS",
"expanded": "ATM ATS FIST - Flight Information Services"
"expanded": "ATM ATS FIS - Flight Information Services",
"description": "ATM ATS FIS - Flight Information Services systems"
},
{
"value": "ATM:ATS:ALRS",
"expanded": "ATM ATS ALRS - Alerting Services"
"expanded": "ATM ATS ALRS - Alerting Services",
"description": "ATM ATS ALRS - Alerting Services systems"
},
{
"value": "ATM:ATS:ATFM",
"expanded": "ATM ATS ATFM(Air Traffic Flow Management)",
"description": "ATM ATS ATFM(Air Traffic Flow Management) systems "
},
{
"value": "ATM:ATS:ASM",
"expanded": "ATM ATS ASM(Airspace management)",
"description": "ATM ATS ASM(Airspace management) systems "
},
{
"value": "CNS:COM:Ground-Ground",
"expanded": "CNS COM Ground-Ground"
"expanded": "CNS COM Ground-Ground",
"description": "Ground-ground communication systems"
},
{
"value": "CNS:COM:Ground-Air",
"expanded": "CNS COM Ground Air"
"expanded": "CNS COM Ground Air",
"description": "Ground-Air communication systems"
},
{
"value": "CNS:COM:Air-Air",
"expanded": "CNS COM Air Air"
"expanded": "CNS COM Air Air",
"description": "Air-Air Communication systems"
},
{
"value": "CNS:COM:Asterix",
"expanded": "CNS COM Asterix"
"expanded": "CNS COM Asterix",
"description": "Asterix radar data protocol processing systems"
},
{
"value": "CNS:COM:VDL",
"expanded": "CNS COM VDL"
},
{
"value": "CNS:COM:Reserved1",
"expanded": "CNS COM Reserved1"
},
{
"value": "CNS:COM:Reserved2",
"expanded": "CNS COM Reserved2"
"expanded": "CNS COM VDL",
"description": "Very High Frequency Data link"
},
{
"value": "CNS:SUR:ADS-B",
"expanded": "CNS SUR ADS-B"
"expanded": "CNS SUR ADS-B(Automatic Dependent Surveillance-Broadcast)",
"description": "ADS-B Automatic Dependent Surveillance-Broadcast) protocol"
},
{
"value": "CNS:SUR:ADS-C",
"expanded": "CNS SUR ADS-C"
"expanded": "CNS SUR ADS-C(Automatic dependent surveillance-contract)",
"description": "ADS-C Automatic Dependent Surveillance-contract"
},
{
"value": "CNS:SUR:Radar",
"expanded": "CNS SUR Radar"
"expanded": "CNS SUR Radar",
"description": "Radar related systems"
},
{
"value": "CNS:SUR:PR",
"expanded": "CNS SUR PR"
"expanded": "CNS SUR PR(Primary Radar)",
"description": "Primary Radar related systems"
},
{
"value": "CNS:SUR:SSR",
"expanded": "CNS SUR SSR"
"expanded": "CNS SUR SSR(Secondary Surveillance Radar)",
"description": "Secondary Surveillance Radar related systems"
},
{
"value": "CNS:SUR:Reserved1",
"expanded": "CNS SUR Reserved1"
},
{
"value": "CNS:SUR:Reserved2",
"expanded": "CNS SUR Reserved2"
},
{
"value": "CNS:SUR:Reserved3",
"expanded": "CNS SUR Reserved3"
"value": "CNS:Nav:GNSS",
"expanded": "CNS Nav GNSS(Global Navigation Satellite Systems)",
"description": "GNSS(Global Naviation Satellite Systems) related systems"
},
{
"value": "CNS:Nav:GPS",
"expanded": "CNS Nav GPS"
"expanded": "CNS Nav GPS(Global Positioning Systems)",
"description": "GPS(Global Positioning Systems) related systems"
},
{
"value": "CNS:Nav:GLONASS",
"expanded": "CNS Nav GLONASS"
"expanded": "CNS Nav GLONASS(GLObal NAvigation Satellite Systems)",
"description": "GLONASS(GLObal NAvigation Satellite Systems) related systems"
},
{
"value": "CNS:Nav:ILS",
"expanded": "CNS Nav ILS"
"expanded": "CNS Nav ILS(Instrument landing systems)",
"description": "ILS(Instrument landing systems) related systems"
},
{
"value": "CNS:Nav:GLS",
"expanded": "CNS Nav GLS"
},
{
"value": "CNS:Nav:Reserved1",
"expanded": "CNS Nav Reserved1"
},
{
"value": "CNS:Nav:Reserved2",
"expanded": "CNS Nav Reserved2"
},
{
"value": "CNS:Nav:Reserved3",
"expanded": "CNS Mav Reserved3"
"expanded": "CNS Nav GLS (GNSS dependent landing systems",
"description": "GLS(GNSS dependent landing systems) related systems"
}
]
},
@ -294,15 +327,22 @@
]
},
{
"predicate": "mission-critical",
"predicate": "criticality",
"entry": [
{
"value": "mission-critical",
"expanded": "Mission Critical"
"value": "safety-critical",
"expanded": "Safety Critical",
"description": "Criticality level that threatens human life"
},
{
"value": "safety-critical",
"expanded": "Safety Critical"
"value": "mission-critical",
"expanded": "Mission Critical",
"description": "Criticality level that affects the critical services impacting the airspace management"
},
{
"value": "business-critical",
"expanded": "business Critical",
"description": "Criticality level that affects business functions"
}
]
},

252
dark-web/machinetag.json
View File

@ -1,8 +1,8 @@
{
"namespace": "dark-web",
"expanded": "Dark Web",
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
"version": 4,
"description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
"version": 5,
"predicates": [
{
"value": "topic",
@ -18,6 +18,16 @@
"value": "structure",
"description": "Structure of the materials tagged",
"expanded": "Structure"
},
{
"value": "service",
"description": "Information related to an Dark-Web service",
"expanded": "Service"
},
{
"value": "content",
"description": "Identifiable entities and information contained in a Dark-Web service",
"expanded": "Content"
}
],
"values": [
@ -26,182 +36,182 @@
"entry": [
{
"value": "drugs-narcotics",
"expanded": "Drugs/Narcotics",
"expanded": "drugsNarcotics",
"description": "Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility)."
},
{
"value": "electronics",
"expanded": "Electronics",
"expanded": "electronics",
"description": "Electronics and high tech materials, described or to sell for example."
},
{
"value": "finance",
"expanded": "Finance",
"expanded": "finance",
"description": "Any monetary/currency/exchangeable materials. Includes carding, Paypal etc."
},
{
"value": "finance-crypto",
"expanded": "CryptoFinance",
"expanded": "cryptoFinance",
"description": "Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc."
},
{
"value": "credit-card",
"expanded": "Credit-Card",
"expanded": "creditCard",
"description": "Credit cards and payments materials"
},
{
"value": "cash-in",
"expanded": "Cash-in",
"expanded": "cashIn",
"description": "Buying parts of assets, conversion from liquid assets, currency, etc."
},
{
"value": "cash-out",
"expanded": "Cash-out",
"expanded": "cashOut",
"description": "Selling parts of assets, conversion to liquid assets, currency, etc."
},
{
"value": "escrow",
"expanded": "Escrow",
"expanded": "escrow",
"description": "Third party keeping assets in behalf of two other parties making a transactions."
},
{
"value": "hacking",
"expanded": "Hacking",
"expanded": "hacking",
"description": "Materials relating to the illegal access to or alteration of data and/or electronic services."
},
{
"value": "identification-credentials",
"expanded": "Identification/Credentials",
"expanded": "identificationCredentials",
"description": "Materials used for providing/establishing identification with third parties. Examples include passports, driver licenses and login credentials."
},
{
"value": "intellectual-property-copyright-materials",
"expanded": "Intellectual Property/Copyright Materials",
"expanded": "intellectualPropertyCopyrightMaterials",
"description": "Otherwise lawful materials stored, transferred or made available without consent of their legal rights holders."
},
{
"value": "pornography-adult",
"expanded": "Pornography - Adult",
"expanded": "pornographyAdult",
"description": "Lawful, ethical pornography (i.e. involving only consenting adults)."
},
{
"value": "pornography-child-exploitation",
"expanded": "Pornography - Child (Child Exploitation)",
"expanded": "pornographyChild(ChildExploitation)",
"description": "Child abuse materials (aka child pornography), including 'fantasy' fiction materials, CGI. Also includes the provision/offering of child abuse materials and/or activities"
},
{
"value": "pornography-illicit-or-illegal",
"expanded": "Pornography - Illicit or Illegal",
"expanded": "pornographyIllicitOrIllegal",
"description": "Illegal pornography NOT including children/child abuse. Includes bestiality, stolen/revenge porn, hidden cameras etc."
},
{
"value": "search-engine-index",
"expanded": "Search Engine/Index",
"expanded": "searchEngineIndex",
"description": "Site providing links/references to other sites/services. Referred to as a nexus by (Moore and Rid, 2016)"
},
{
"value": "unclear",
"expanded": "Unclear",
"expanded": "unclear",
"description": "Unable to completely establish topic of material."
},
{
"value": "extremism",
"expanded": "Extremism",
"expanded": "extremism",
"description": "Illegal or of concern levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
},
{
"value": "violence",
"expanded": "Violence",
"expanded": "violence",
"description": "Materials relating to violence against persons or property."
},
{
"value": "weapons",
"expanded": "Weapons",
"expanded": "weapons",
"description": "Materials specifically associated with materials and/or items for use in violent acts against persons or property. Examples include firearms and bomb-making ingredients."
},
{
"value": "softwares",
"expanded": "Softwares",
"expanded": "softwares",
"description": "Illegal or armful software distribution"
},
{
"value": "counteir-feit-materials",
"expanded": "Counter-feit materials",
"expanded": "counterFeitMaterials",
"description": "Fake identification papers."
},
{
"value": "gambling",
"expanded": "Gambling",
"expanded": "gambling",
"description": "Games involving money"
},
{
"value": "library",
"expanded": "Library",
"expanded": "library",
"description": "Library or list of books"
},
{
"value": "other-not-illegal",
"expanded": "Other not illegal",
"expanded": "otherNotIllegal",
"description": "Material not of interest to law enforcement - e.g. personal sites, Facebook mirrors."
},
{
"value": "legitimate",
"expanded": "Legitimate",
"expanded": "legitimate",
"description": "Legitimate websites"
},
{
"value": "chat",
"expanded": "Chats platforms",
"expanded": "chatsPlatforms",
"description": "Chats space or equivalent, which are not forums"
},
{
"value": "mixer",
"expanded": "Mixer",
"expanded": "mixer",
"description": "Anonymization tools for crypto-currencies transactions"
},
{
"value": "mystery-box",
"expanded": "Mystery-Box",
"expanded": "mysteryBox",
"description": "Mystery Box seller"
},
{
"value": "anonymizer",
"expanded": "Anonymizer",
"expanded": "anonymizer",
"description": "Anonymization tools"
},
{
"value": "vpn-provider",
"expanded": "VPN-Provider",
"expanded": "vpnProvider",
"description": "Provides VPN services and related"
},
{
"value": "email-provider",
"expanded": "EMail-Provider",
"expanded": "emailProvider",
"description": "Provides e-mail services and related"
},
{
"value": "ponies",
"expanded": "Ponies",
"expanded": "ponies",
"description": "self-explanatory. It's ponies"
},
{
"value": "games",
"expanded": "Games",
"expanded": "games",
"description": "Flash or online games"
},
{
"value": "parody",
"expanded": "Parody or Joke",
"expanded": "parodyOrJoke",
"description": "Meme, Parody, Jokes, Trolling, ..."
},
{
"value": "whistleblower",
"expanded": "Whistleblower",
"expanded": "whistleblower",
"description": "Exposition and sharing of confidential information with protection of the witness in mind"
},
{
"value": "ransomware-group",
"expanded": "Ransomware Group",
"expanded": "ransomwareGroup",
"description": "Ransomware group PR or leak website"
}
]
@ -211,92 +221,92 @@
"entry": [
{
"value": "education-training",
"expanded": "Education & Training",
"expanded": "educationTraining",
"description": "Materials providing instruction - e.g. how to guides"
},
{
"value": "wiki",
"expanded": "Wiki",
"expanded": "wiki",
"description": "Wiki pages, documentation and information display"
},
{
"value": "forum",
"expanded": "Forum",
"expanded": "forum",
"description": "Sites specifically designed for multiple users to communicate as peers"
},
{
"value": "file-sharing",
"expanded": "File Sharing",
"expanded": "fileSharing",
"description": "General file sharing, typically (but not limited to) movie/image sharing"
},
{
"value": "hosting",
"expanded": "Hosting",
"expanded": "hosting",
"description": "Hosting providers, e-mails, websites, file-storage etc."
},
{
"value": "ddos-services",
"expanded": "DDoS-Services",
"expanded": "ddosServices",
"description": "Stresser, Booter, DDoSer, DDoS as a Service provider, DDoS tools, etc."
},
{
"value": "general",
"expanded": "General",
"expanded": "general",
"description": "Materials not covered by the other motivations. Typically, materials of a nature not of interest to law enforcement. For example, personal biography sites."
},
{
"value": "information-sharing-reportage",
"expanded": "Information Sharing/Reportage",
"expanded": "InformationSharingReportage",
"description": "Journalism/reporting on topics. Can include biased coverage, but obvious propaganda materials are covered by Recruitment/Advocacy."
},
{
"value": "scam",
"expanded": "Scam",
"expanded": "scam",
"description": "Intentional confidence trick to fraud people or group of people"
},
{
"value": "political-speech",
"expanded": "Political-Speech",
"expanded": "politicalSpeech",
"description": "Political, activism, without extremism."
},
{
"value": "conspirationist",
"expanded": "Conspirationist",
"expanded": "conspirationist",
"description": "Conspirationist content, fake news, etc."
},
{
"value": "hate-speech",
"expanded": "Hate-Speech",
"expanded": "hateSpeech",
"description": "Racism, violent, hate... speech."
},
{
"value": "religious",
"expanded": "Religious",
"expanded": "religious",
"description": "Religious, faith, doctrinal related content."
},
{
"value": "marketplace-for-sale",
"expanded": "Marketplace/For Sale",
"expanded": "marketplaceForSale",
"description": "Services/goods for sale, regardless of means of payment."
},
{
"value": "smuggling",
"expanded": "Smuggling",
"expanded": "smuggling",
"description": "Information or trading of wild animals, prohibited goods, ... "
},
{
"value": "recruitment-advocacy",
"expanded": "Recruitment/Advocacy",
"expanded": "recruitmentAdvocacy",
"description": "Propaganda"
},
{
"value": "system-placeholder",
"expanded": "System/Placeholder",
"expanded": "systemPlaceholder",
"description": "Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2"
},
{
"value": "unclear",
"expanded": "Unclear",
"expanded": "unclear",
"description": "Unable to completely establish motivation of material."
}
]
@ -306,55 +316,165 @@
"entry": [
{
"value": "incomplete",
"expanded": "Incomplete websites or information",
"expanded": "incomplete",
"description": "Websites and pages that are unable to load completely properly"
},
{
"value": "captcha",
"expanded": "Captcha and Solvers",
"expanded": "captcha",
"description": "Captchas and solvers elements"
},
{
"value": "login-forms",
"expanded": "Logins forms and gates",
"expanded": "loginForms",
"description": "Authentication pages, login page, login forms that block access to an internal part of a website."
},
{
"value": "contact-forms",
"expanded": "Contact forms and gates",
"expanded": "contactForms",
"description": "Forms to perform a contact request, send an e-mail, fill information, enter a password, ..."
},
{
"value": "encryption-keys",
"expanded": "Encryption and decryption keys",
"expanded": "encryptionKeys",
"description": "e.g. PGP Keys, passwords, ..."
},
{
"value": "police-notice",
"expanded": "Police Notice",
"expanded": "policeNotice",
"description": "Closed websites, with police-equivalent banners"
},
{
"value": "legal-statement",
"expanded": "Legal-Statement",
"expanded": "legalStatement",
"description": "RGPD statement, Privacy-policy, guidelines of a websites or forum..."
},
{
"value": "test",
"expanded": "Test",
"expanded": "test",
"description": "Test websites without any real consequences or effects"
},
{
"value": "videos",
"expanded": "Videos",
"expanded": "videos",
"description": "Videos and streaming"
},
{
"value": "unclear",
"expanded": "Unclear",
"expanded": "unclear",
"description": "Unable to completely establish structure of material."
}
]
},
{
"predicate": "service",
"entry": [
{
"value": "url",
"expanded": "url",
"description": "Uniform Resource Locator (URL) of a dark-web. The url should indicate a protocol (http), a hostname (www.example.com), and a file name (index.html). Example: http://www.example.com/index.html"
},
{
"value": "content-type",
"expanded": "contentType",
"description": "Content-Type representaton headerused to indicate the original media type of the resource (prior to any content encoding applied for sending). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"
},
{
"value": "path",
"expanded": "path",
"description": "The URL path is the string of information that comes after the top level domain name "
},
{
"value": "detection-date",
"expanded": "detectionDate",
"description": "Date in which the dark-web was detected. The date should be in ISO 8601 format. Example: 2019-01-01T00:00:00Z"
},
{
"value": "network-protocol",
"expanded": "networkProtocol",
"description": "Network protocol used to access the dark-web site (e.g., HTTP, HTTPS)"
},
{
"value": "port",
"expanded": "port",
"description": "Port number where the dark-web service is being offered"
},
{
"value": "network",
"expanded": "network",
"description": "Overlay network (darknet) that host the service or content"
},
{
"value": "found-at",
"expanded": "foundAt",
"description": "Domain or service where the dark-web where found at"
}
]
},
{
"predicate": "content",
"entry": [
{
"value": "sha1sum",
"expanded": "sha1sum",
"description": "SHA-1 (Secure Hash Algorithm 1) hash of the HTML or objectName content"
},
{
"value": "sha256sum",
"expanded": "sha256sum",
"description": "SHA-256 hash of the HTML or objectName content"
},
{
"value": "ssdeep",
"expanded": "ssdeep",
"description": "ssdeep fuzzy hash of the HTML or objectName content"
},
{
"value": "language",
"expanded": "language",
"description": "Detected language of the service in ISO 6391 Code. Example: en"
},
{
"value": "html",
"expanded": "html",
"description": "HyperText Markup Language (HTML) used in a website"
},
{
"value": "css",
"expanded": "css",
"description": "CSS (Cascading Style Sheets) used in a dark-web site"
},
{
"value": "text",
"expanded": "text",
"description": "Content of the dark-web service without HTML tags"
},
{
"value": "page-title",
"expanded": "pageTitle",
"description": "HTML <title> tag content of a dark-web site"
},
{
"value": "phone-number",
"expanded": "phoneNumber",
"description": "Phone number identified in the dark-web site"
},
{
"value": "creditCard",
"expanded": "creditCard",
"description": "Credit card identified in the dark-web site"
},
{
"value": "email",
"expanded": "email",
"description": "Email address identified in the dark-web site"
},
{
"value": "pgp-public-key-block",
"expanded": "pgpPublicKeyBlock",
"description": "PGP public key block identified in the dark-web site"
}
]
}
]
}

25
information-origin/machinetag.json Normal file
View File

@ -0,0 +1,25 @@
{
"namespace": "information-origin",
"description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
"version": 2,
"predicates": [
{
"value": "human-generated",
"description": "Information that has been generated by a human.",
"expanded": "human generated",
"colour": "#33FF00"
},
{
"value": "AI-generated",
"description": "Information that has been generated by an AI LLM or similar technologies.",
"expanded": "AI generated",
"colour": "#FFC000"
},
{
"value": "uncertain-origin",
"description": "Information for which the origin is uncertain which can be machine or a human.",
"expanded": "uncertain origin",
"colour": "#FFC000"
}
]
}

30
nis2/machinetag.json
View File

@ -8,6 +8,21 @@
"expanded": "Sectors impacted",
"description": "The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services."
},
{
"value": "impact-subsectors-impacted",
"expanded": "Impact subsectors impacted",
"description": "Impact subsectors impacted"
},
{
"value": "important-entities",
"expanded": "Important entities",
"description": "Important entities"
},
{
"value": "impact-subsectors-important-entities",
"expanded": "Impact subsectors important entities",
"description": "Impact subsectors important entities"
},
{
"value": "impact-severity",
"expanded": "Severity of the impact",
@ -36,21 +51,6 @@
"value": "test",
"expanded": "Test",
"description": "A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored."
},
{
"value": "impact-subsectors-important-entities",
"expanded": "Impact subsectors important entities",
"description": "Impact subsectors important entities"
},
{
"value": "important-entities",
"expanded": "Important entities",
"description": "Important entities"
},
{
"value": "impact-subsectors-impacted",
"expanded": "Impact subsectors impacted",
"description": "Impact subsectors impacted"
}
],
"values": [

56
threatmatch/machinetag.json
View File

@ -437,8 +437,8 @@
"expanded": "Actor Campaigns"
},
{
"value": "Credential Breaches",
"expanded": "Credential Breaches"
"value": "Credential Breach",
"expanded": "Credential Breach"
},
{
"value": "DDoS",
@ -453,41 +453,29 @@
"expanded": "General Notification"
},
{
"value": "High Impact Vulnerabilities",
"expanded": "High Impact Vulnerabilities"
"value": "Vulnerability",
"expanded": "Vulnerability"
},
{
"value": "Information Leakages",
"expanded": "Information Leakages"
},
{
"value": "Malware Analysis",
"expanded": "Malware Analysis"
"value": "Malware",
"expanded": "Malware"
},
{
"value": "Nefarious Domains",
"expanded": "Nefarious Domains"
"value": "Suspicious Domain",
"expanded": "Suspicious Domain"
},
{
"value": "Nefarious Forum Mention",
"expanded": "Nefarious Forum Mention"
},
{
"value": "Pastebin Dumps",
"expanded": "Pastebin Dumps"
"value": "Forum Mention",
"expanded": "Forum Mention"
},
{
"value": "Phishing Attempts",
"expanded": "Phishing Attempts"
},
{
"value": "PII Exposure",
"expanded": "PII Exposure"
},
{
"value": "Sensitive Information Disclosures",
"expanded": "Sensitive Information Disclosures"
},
{
"value": "Social Media Alerts",
"expanded": "Social Media Alerts"
@ -501,12 +489,28 @@
"expanded": "Technical Exposure"
},
{
"value": "Threat Actor Updates",
"expanded": "Threat Actor Updates"
"value": "Threat Actor Update",
"expanded": "Threat Actor Update"
},
{
"value": "Trigger Events",
"expanded": "Trigger Events"
"value": "Direct Targeting ",
"expanded": "Direct Targeting "
},
{
"value": "Protest Activity",
"expanded": "Protest Activity"
},
{
"value": "Violent Event",
"expanded": "Violent Event"
},
{
"value": "Strategic Event",
"expanded": "Strategic Event"
},
{
"value": "Insider Threat",
"expanded": "Insider Threat"
}
]
}

6
workflow/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "workflow",
"expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"version": 11,
"version": 12,
"predicates": [
{
"value": "todo",
@ -132,6 +132,10 @@
{
"value": "rejected",
"expanded": "Analyst rejected the process. The object will not reach state of completeness."
},
{
"value": "release",
"expanded": "Analyst approved the information to be released. Like a MISP event to be released and published."
}
]
}