From 9ffbde85109474f20815b368760124aa982ffabb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 9 Dec 2022 11:20:45 +0100
Subject: [PATCH 01/13] fix: Reorder entries to make tests happy
---
 aviation/machinetag.json | 18 +++++++++---------
 nis2/machinetag.json | 30 +++++++++++++++---------------
 2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/aviation/machinetag.json b/aviation/machinetag.json
index ef9f678..0139eea 100644
--- a/aviation/machinetag.json
+++ b/aviation/machinetag.json
@@ -1,31 +1,31 @@
 {
 "predicates": [
 {
- "expanded": "Target Sub Systems",
- "value": "target-sub-systems"
+ "expanded": "Target",
+ "value": "target"
 },
 {
 "expanded": "Target systems",
 "value": "target-systems"
 },
+ {
+ "expanded": "Target Sub Systems",
+ "value": "target-sub-systems"
+ },
 {
 "value": "impact",
 "expanded": "Impact",
 "exclusive": true
 },
 {
- "expanded": "Target",
- "value": "target"
+ "value": "likelihood",
+ "expanded": "Likelihood",
+ "exclusive": true
 },
 {
 "expanded": "Mission Critical",
 "value": "mission-critical"
 },
- {
- "value": "likelihood",
- "expanded": "Likelihood",
- "exclusive": true
- },
 {
 "value": "certainty",
 "expanded": "Certainty",
diff --git a/nis2/machinetag.json b/nis2/machinetag.json
index cefed04..49bdc1f 100644
--- a/nis2/machinetag.json
+++ b/nis2/machinetag.json
@@ -8,6 +8,21 @@
 "expanded": "Sectors impacted",
 "description": "The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services."
 },
+ {
+ "value": "impact-subsectors-impacted",
+ "expanded": "Impact subsectors impacted",
+ "description": "Impact subsectors impacted"
+ },
+ {
+ "value": "important-entities",
+ "expanded": "Important entities",
+ "description": "Important entities"
+ },
+ {
+ "value": "impact-subsectors-important-entities",
+ "expanded": "Impact subsectors important entities",
+ "description": "Impact subsectors important entities"
+ },
 {
 "value": "impact-severity",
 "expanded": "Severity of the impact",
@@ -36,21 +51,6 @@
 "value": "test",
 "expanded": "Test",
 "description": "A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored."
- },
- {
- "value": "impact-subsectors-important-entities",
- "expanded": "Impact subsectors important entities",
- "description": "Impact subsectors important entities"
- },
- {
- "value": "important-entities",
- "expanded": "Important entities",
- "description": "Important entities"
- },
- {
- "value": "impact-subsectors-impacted",
- "expanded": "Impact subsectors impacted",
- "description": "Impact subsectors impacted"
 }
 ],
 "values": [
From a33dd623d1936dc015a3ba286a1b83eea1f71459 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 9 Dec 2022 11:26:23 +0100
Subject: [PATCH 02/13] chg: Bump python version in tests
---
 .github/workflows/nosetests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nosetests.yml b/.github/workflows/nosetests.yml
index 0b59e16..78bf241 100644
--- a/.github/workflows/nosetests.yml
+++ b/.github/workflows/nosetests.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- python-version: ['3.6', '3.7', '3.8', '3.9', '3.10']
+ python-version: [3.8, 3.9, '3.10']
 steps:
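Review bot: The new `python-version` matrix mixes unquoted `3.8` and `3.9` with a quoted `'3.10'`; the unquoted entries are parsed as YAML floats, which is the very reason `3.10` needs its quotes (unquoted it would become `3.1`). Quoting every entry keeps the list uniform and avoids that trap when the next version is appended: `python-version: ['3.8', '3.9', '3.10']`. The job definition continues outside the hunk.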
From a85955e991cc9099f961bae0e398d98b7f1def1d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 11 Jan 2023 16:12:58 +0100 Subject: [PATCH 03/13] chg: [aviation] updated by Eurocontrol --- aviation/machinetag.json | 190 +++++++++++++++++++++++---------------- 1 file changed, 115 insertions(+), 75 deletions(-) diff --git a/aviation/machinetag.json b/aviation/machinetag.json index 0139eea..dbce73b 100644 --- a/aviation/machinetag.json +++ b/aviation/machinetag.json @@ -23,8 +23,8 @@ "exclusive": true }, { - "expanded": "Mission Critical", - "value": "mission-critical" + "expanded": "criticality", + "value": "Criticality" }, { "value": "certainty", 
@@ -39,42 +39,55 @@
 {
 "predicate": "target",
 "entry": [
+ {
+ "value": "airline",
+ "expanded": "airline",
+ "description": "airlines or airline groups"
+ },
 {
 "value": "airspace users",
 "expanded": "Airspace Users",
- "description": "Airspace users including airlines"
+ "description": "Airspace users other than airlines like drone, helicopter, baloon operators"
 },
 {
 "value": "airport",
- "expanded": "Airport"
+ "expanded": "Airport",
+ "description": "Airports or airport operators"
 },
 {
- "value": "air-navigation-service-provider",
- "expanded": "Air Navigation Service Provider"
+ "value": "ansp",
+ "expanded": "Air Navigation Service Provider",
+ "description": "Air Navigation Service Provider who is managing the airspace of a country or a specific region"
 },
 {
 "value": "international-association",
- "expanded": "International Association"
+ "expanded": "International Association",
+ "description": "International associations related with aviation sector"
 },
 {
- "value": "civil-aviation-authority",
- "expanded": "Civil Aviation Authority"
+ "value": "caa",
+ "expanded": "Civil Aviation Authority",
+ "description": "Civil Aviation Authority who is responsible for regulation the aviation of a country"
 },
 {
 "value": "manufacturer",
- "expanded": "Manufacturer"
+ "expanded": "Manufacturer",
+ "description": "Manufacturers who produce aircrafts,aircraft or ATM related components"
 },
 {
 "value": "service-provider",
- "expanded": "Service Provider"
+ "expanded": "Service Provider",
+ "description": "Service providers who provide different services to the aviation stakeholders"
 },
 {
 "value": "network-manager",
- "expanded": "Network Manager"
+ "expanded": "Network Manager",
+ "description": "Network Manager manages ATM network functions (airspace design, flow management) as well as scarce resources"
 },
 {
 "value": "military",
- "expanded": "Military"
+ "expanded": "Military",
+ "description": "Military aviation"
 }
 ]
 },
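Review bot: Renaming the existing values `air-navigation-service-provider` to `ansp` and `civil-aviation-authority` to `caa` changes the tag string itself, so events already carrying the old tags, and any filter or detection rule keyed on them, stop matching without an error; the predicate rename from `mission-critical` to `criticality` in the last hunk of this commit has the same effect. The description of `airspace users` also flips from including airlines to excluding them, which silently reclassifies data tagged before the change. No hunk in this commit touches a `version` field, so if the file carries one (it is outside the visible hunks) it should be bumped, and the renames deserve a migration note. Minor: the new descriptions contain `baloon` and `aircrafts,aircraft`.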
@@ -83,148 +96,168 @@
 "entry": [
 {
 "value": "ATM",
- "expanded": "ATM - Air Traffic Management"
+ "expanded": "ATM - Air Traffic Management",
+ "description": "Air traffic management systems which manage airspace"
 },
 {
 "value": "AIS",
- "expanded": "AIS - Aeronautical Information Service"
+ "expanded": "AIS - Aeronautical Information Service",
+ "description": "Aeronatutical Infromation Service whose objective is to ensure the flow of aeronautical information and data necessary for the safety, regularity and efficiency of international air navigation"
 },
 {
 "value": "MET",
- "expanded": "MET - Meteorological Service"
+ "expanded": "MET - Meteorological Service",
+ "description": "Meteorological service which provides meteo data to the airspace users"
 },
 {
 "value": "SAR",
- "expanded": "SAR - Search and Rescue"
+ "expanded": "SAR - Search and Rescue",
+ "description": "Search and rescue (SAR) service is provided to the survivors of aircraft accidents as well as aircraft in distress (and their occupants) regardless of their nationality"
 },
 {
 "value": "CNS",
- "expanded": "CNS - Communication, Navigation and Surveillance"
+ "expanded": "CNS - Communication, Navigation and Surveillance",
+ "description": "The main functions of ATM: Communication, Navigation and Surveillance"
 },
 {
 "value": "airport-management-systems",
- "expanded": "Airport Management Systems"
+ "expanded": "Airport Management Systems",
+ "description": "Airport IT and OT systems that manage airport internal operations"
 },
 {
 "value": "airport-online-services",
- "expanded": "Airport Online Services"
+ "expanded": "Airport Online Services",
+ "description": "Airport online service that helps external users to reach airport services"
 },
 {
 "value": "airport-fids-systems",
- "expanded": "Airport FIDS systems"
+ "expanded": "Airport Flight Information Display Systems",
+ "description": "Airport Flight Information Display Systems that guide the passangers about flights"
 },
 {
 "value": "airline-management-systems",
- "expanded": "Airline Management Systems"
+ "expanded": "Airline Management Systems",
+ "description": "Airline Management Systems that manage airline intenal operations"
 },
 {
 "value": "airline-online-services",
- "expanded": "Airline Online Services"
+ "expanded": "Airline Online Services",
+ "description": "Airline Online Services that helps external users to reach airlines services"
 }
 ]
 },
 {
 "predicate": "target-sub-systems",
 "entry": [
+ {
+ "value": "ATM:NewPENS",
+ "expanded": "ATM New PENS(Pan-European Network Service)",
+ "description": "ATM New PENS(Pan-European Network Service) which is private network for aviation stakeholders"
+ },
+ {
+ "value": "ATM:SWIM",
+ "expanded": "ATM SWIM(Sytem Wide Information Management)",
+ "description": "ATM SWIM(System Wide Information Management) is the system that enables seamless information access and interchange between all providers and users of ATM information and services"
+ },
 {
 "value": "ATM:ATS:ATC",
- "expanded": "ATM ATS ATC - Air Traffic Control"
+ "expanded": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control",
+ "description": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control systems"
 },
 {
 "value": "ATM:ATS:FIS",
- "expanded": "ATM ATS FIST - Flight Information Services"
+ "expanded": "ATM ATS FIS - Flight Information Services",
+ "description": "ATM ATS FIS - Flight Information Services systems"
 },
 {
 "value": "ATM:ATS:ALRS",
- "expanded": "ATM ATS ALRS - Alerting Services"
+ "expanded": "ATM ATS ALRS - Alerting Services",
+ "description": "ATM ATS ALRS - Alerting Services systems"
+ },
+ {
+ "value": "ATM:ATS:ATFM",
+ "expanded": "ATM ATS ATFM(Air Traffic Flow Management)",
+ "description": "ATM ATS ATFM(Air Traffic Flow Management) systems "
+ },
+ {
+ "value": "ATM:ATS:ASM",
+ "expanded": "ATM ATS ASM(Airspace management)",
+ "description": "ATM ATS ASM(Airspace management) systems "
 },
 {
 "value": "CNS:COM:Ground-Ground",
- "expanded": "CNS COM Ground-Ground"
+ "expanded": "CNS COM Ground-Ground",
+ "description": "Ground-ground communication systems"
 },
 {
 "value": "CNS:COM:Ground-Air",
- "expanded": "CNS COM Ground Air"
+ "expanded": "CNS COM Ground Air",
+ "description": "Ground-Air communication systems"
 },
 {
 "value": "CNS:COM:Air-Air",
- "expanded": "CNS COM Air Air"
+ "expanded": "CNS COM Air Air",
+ "description": "Air-Air Communication systems"
 },
 {
 "value": "CNS:COM:Asterix",
- "expanded": "CNS COM Asterix"
+ "expanded": "CNS COM Asterix",
+ "description": "Asterix radar data protocol processing systems"
 },
 {
 "value": "CNS:COM:VDL",
- "expanded": "CNS COM VDL"
- },
- {
- "value": "CNS:COM:Reserved1",
- "expanded": "CNS COM Reserved1"
- },
- {
- "value": "CNS:COM:Reserved2",
- "expanded": "CNS COM Reserved2"
+ "expanded": "CNS COM VDL",
+ "description": "Very High Frequency Data link"
 },
 {
 "value": "CNS:SUR:ADS-B",
- "expanded": "CNS SUR ADS-B"
+ "expanded": "CNS SUR ADS-B(Automatic Dependent Surveillance-Broadcast)",
+ "description": "ADS-B Automatic Dependent Surveillance-Broadcast) protocol"
 },
 {
 "value": "CNS:SUR:ADS-C",
- "expanded": "CNS SUR ADS-C"
+ "expanded": "CNS SUR ADS-C(Automatic dependent surveillance-contract)",
+ "description": "ADS-C Automatic Dependent Surveillance-contract"
 },
 {
 "value": "CNS:SUR:Radar",
- "expanded": "CNS SUR Radar"
+ "expanded": "CNS SUR Radar",
+ "description": "Radar related systems"
 },
 {
 "value": "CNS:SUR:PR",
- "expanded": "CNS SUR PR"
+ "expanded": "CNS SUR PR(Primary Radar)",
+ "description": "Primary Radar related systems"
 },
 {
 "value": "CNS:SUR:SSR",
- "expanded": "CNS SUR SSR"
+ "expanded": "CNS SUR SSR(Secondary Surveillance Radar)",
+ "description": "Secondary Surveillance Radar related systems"
 },
 {
- "value": "CNS:SUR:Reserved1",
- "expanded": "CNS SUR Reserved1"
- },
- {
- "value": "CNS:SUR:Reserved2",
- "expanded": "CNS SUR Reserved2"
- },
- {
- "value": "CNS:SUR:Reserved3",
- "expanded": "CNS SUR Reserved3"
+ "value": "CNS:Nav:GNSS",
+ "expanded": "CNS Nav GNSS(Global Navigation Satellite Systems)",
+ "description": "GNSS(Global Naviation Satellite Systems) related systems"
 },
 {
 "value": "CNS:Nav:GPS",
- "expanded": "CNS Nav GPS"
+ "expanded": "CNS Nav GPS(Global Positioning Systems)",
+ "description": "GPS(Global Positioning Systems) related systems"
 },
 {
 "value": "CNS:Nav:GLONASS",
- "expanded": "CNS Nav GLONASS"
+ "expanded": "CNS Nav GLONASS(GLObal NAvigation Satellite Systems)",
+ "description": "GLONASS(GLObal NAvigation Satellite Systems) related systems"
 },
 {
 "value": "CNS:Nav:ILS",
- "expanded": "CNS Nav ILS"
+ "expanded": "CNS Nav ILS(Instrument landing systems)",
+ "description": "ILS(Instrument landing systems) related systems"
 },
 {
 "value": "CNS:Nav:GLS",
- "expanded": "CNS Nav GLS"
- },
- {
- "value": "CNS:Nav:Reserved1",
- "expanded": "CNS Nav Reserved1"
- },
- {
- "value": "CNS:Nav:Reserved2",
- "expanded": "CNS Nav Reserved2"
- },
- {
- "value": "CNS:Nav:Reserved3",
- "expanded": "CNS Mav Reserved3"
+ "expanded": "CNS Nav GLS (GNSS dependent landing systems",
+ "description": "GLS(GNSS dependent landing systems) related systems"
 }
 ]
 },
@@ -294,15 +327,22 @@
 ]
 },
 {
- "predicate": "mission-critical",
+ "predicate": "criticality",
 "entry": [
 {
- "value": "mission-critical",
- "expanded": "Mission Critical"
+ "value": "safety-critical",
+ "expanded": "Safety Critical",
+ "description": "Criticality level that threatens human life"
 },
 {
- "value": "safety-critical",
- "expanded": "Safety Critical"
+ "value": "mission-critical",
+ "expanded": "Mission Critical",
+ "description": "Criticality level that affects the critical services impacting the airspace management"
+ },
+ {
+ "value": "business-critical",
+ "expanded": "business Critical",
+ "description": "Criticality level that affects business functions"
 }
 ]
 },
From e4d0c58076c2c1af20491b1d9be56967a16ac515 Mon Sep 17 00:00:00 2001
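Review bot: Several of the labels added to the `target-sub-systems` entries are malformed: `"expanded": "CNS Nav GLS (GNSS dependent landing systems"` never closes its parenthesis, `"description": "ADS-B Automatic Dependent Surveillance-Broadcast) protocol"` never opens one, and the `ATM:ATS:ATFM` and `ATM:ATS:ASM` descriptions end in a stray space. The new text also has spelling slips (`Aeronatutical Infromation`, `passangers`, `intenal`, `Sytem Wide`, `Naviation`), and the following hunk adds `"expanded": "business Critical"` next to `Safety Critical` and `Mission Critical`. These strings are what an analyst reads when choosing a tag, so a clean-up pass is worthwhile, for example `"expanded": "CNS Nav GLS(GNSS dependent landing systems)",`.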
From: Alexandre Dulaunoy Date: Wed, 11 Jan 2023 16:15:30 +0100 Subject: [PATCH 04/13] chg: [aviation] fix criticality value --- aviation/machinetag.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aviation/machinetag.json b/aviation/machinetag.json index dbce73b..f23a87c 100644 --- a/aviation/machinetag.json +++ b/aviation/machinetag.json @@ -23,8 +23,8 @@ "exclusive": true }, { - "expanded": "criticality", - "value": "Criticality" + "expanded": "Criticality", + "value": "criticality" }, { "value": "certainty", From f5f5e310ee7c207a32f0331cfc1cee3c8908dc1d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 11 Jan 2023 16:24:32 +0100 Subject: [PATCH 05/13] chg: [doc] updated --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index f490975..955455a 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,11 @@ A pre-approved category of action for indicators being shared with partners (MIM [artificial-satellites](https://github.com/MISP/misp-taxonomies/tree/main/artificial-satellites) : This taxonomy was designed to describe artificial satellites [Overview](https://www.misp-project.org/taxonomies.html#_artificial_satellites) +### aviation + +[aviation](https://github.com/MISP/misp-taxonomies/tree/main/aviation) : +A taxonomy describing security threats or incidents against the aviation sector. [Overview](https://www.misp-project.org/taxonomies.html#_aviation) + ### binary-class [binary-class](https://github.com/MISP/misp-taxonomies/tree/main/binary-class) : 
@@ -502,6 +507,11 @@ classification for the identification of type of misinformation among websites. [misp](https://github.com/MISP/misp-taxonomies/tree/main/misp) : MISP taxonomy to infer with MISP behavior or operation. [Overview](https://www.misp-project.org/taxonomies.html#_misp) +### misp-workflow + +[misp-workflow](https://github.com/MISP/misp-taxonomies/tree/main/misp-workflow) : +MISP workflow taxonomy to support result of workflow execution. [Overview](https://www.misp-project.org/taxonomies.html#_misp_workflow) + ### monarc-threat [monarc-threat](https://github.com/MISP/misp-taxonomies/tree/main/monarc-threat) : @@ -632,6 +642,11 @@ Flags describing the sample for isotopic data (C14, O18) [Overview](https://www. [scrippsco2-sampling-stations](https://github.com/MISP/misp-taxonomies/tree/main/scrippsco2-sampling-stations) : Sampling stations of the Scripps CO2 Program [Overview](https://www.misp-project.org/taxonomies.html#_scrippsco2_sampling_stations) +### sentinel-threattype + +[sentinel-threattype](https://github.com/MISP/misp-taxonomies/tree/main/sentinel-threattype) : +Sentinel indicator threat types. [Overview](https://www.misp-project.org/taxonomies.html#_sentinel_threattype) + ### smart-airports-threats [smart-airports-threats](https://github.com/MISP/misp-taxonomies/tree/main/smart-airports-threats) : From 14f1349fad189091960311018a4cabcb1018adb9 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 11 Jan 2023 16:24:41 +0100 Subject: [PATCH 06/13] chg: [MANIFEST] updated --- MANIFEST.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MANIFEST.json b/MANIFEST.json index fed1c1b..1b11042 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -735,5 +735,5 @@ } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", - "version": "20221202" + "version": "20230111" } From 6477e0d9d40dc62187459cec06e724978313b7d8 Mon Sep 17 00:00:00 2001 
From: paulingega-sa Date: Mon, 6 Mar 2023 17:38:38 +0000 Subject: [PATCH 07/13] chg: [misp-taxonomy] updated threatmatch taxonomies --- threatmatch/machinetag.json | 58 ++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/threatmatch/machinetag.json b/threatmatch/machinetag.json index 703bfdb..324efa0 100644 --- a/threatmatch/machinetag.json +++ b/threatmatch/machinetag.json @@ -437,8 +437,8 @@ "expanded": "Actor Campaigns" }, { - "value": "Credential Breaches", - "expanded": "Credential Breaches" + "value": "Credential Breach", + "expanded": "Credential Breach" }, { "value": "DDoS", @@ -453,41 +453,29 @@ "expanded": "General Notification" }, { - "value": "High Impact Vulnerabilities", - "expanded": "High Impact Vulnerabilities" + "value": "Vulnerability", + "expanded": "Vulnerability" }, { "value": "Information Leakages", "expanded": "Information Leakages" }, { - "value": "Malware Analysis", - "expanded": "Malware Analysis" + "value": "Malware", + "expanded": "Malware" }, { - "value": "Nefarious Domains", - "expanded": "Nefarious Domains" + "value": "Suspicious Domain", + "expanded": "Suspicious Domain" }, { - "value": "Nefarious Forum Mention", - "expanded": "Nefarious Forum Mention" - }, - { - "value": "Pastebin Dumps", - "expanded": "Pastebin Dumps" + "value": "Forum Mention", + "expanded": "Forum Mention" }, { "value": "Phishing Attempts", "expanded": "Phishing Attempts" }, - { - "value": "PII Exposure", - "expanded": "PII Exposure" - }, - { - "value": "Sensitive Information Disclosures", - "expanded": "Sensitive Information Disclosures" - }, { "value": "Social Media Alerts", "expanded": "Social Media Alerts" 
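Review bot: Existing values are renamed or dropped rather than extended (`Credential Breaches` becomes `Credential Breach`, `High Impact Vulnerabilities` becomes `Vulnerability`, `Nefarious Domains` becomes `Suspicious Domain`; `Pastebin Dumps`, `PII Exposure` and `Sensitive Information Disclosures` are removed), so tags already applied with the old strings no longer resolve against the taxonomy, and saved searches or correlation rules built on them go quiet. The third hunk does the same to `Threat Actor Updates` and `Trigger Events`. None of the three hunks changes a `version` field; assuming the file has one above line 437, bump it so consumers can tell the vocabulary changed. The enclosing predicate starts outside the hunk.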
@@ -501,14 +489,30 @@ "expanded": "Technical Exposure" }, { - "value": "Threat Actor Updates", - "expanded": "Threat Actor Updates" + "value": "Threat Actor Update", + "expanded": "Threat Actor Update" }, { - "value": "Trigger Events", - "expanded": "Trigger Events" + "value": "Direct Targeting ", + "expanded": "Direct Targeting " + }, + { + "value": "Protest Activity", + "expanded": "Protest Activity" + }, + { + "value": "Violent Event", + "expanded": "Violent Event" + }, + { + "value": "Strategic Event", + "expanded": "Strategic Event" + }, + { + "value": "Insider Threat", + "expanded": "Insider Threat" } ] } ] -} +} \ No newline at end of file From 151462bf0ea1a0c2944d9985459e8d0c86fbc34e Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 7 Mar 2023 11:20:24 +0100 Subject: [PATCH 08/13] chg: [threatmatch] removing trailing end line --- threatmatch/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/threatmatch/machinetag.json b/threatmatch/machinetag.json index 324efa0..01068f0 100644 --- a/threatmatch/machinetag.json +++ b/threatmatch/machinetag.json @@ -515,4 +515,4 @@ ] } ] -} \ No newline at end of file +} From 06cf2926fcefde2cced9d45274f076ac84d9e140 Mon Sep 17 00:00:00 2001 From: JRC-T2 <129943580+JRC-T2@users.noreply.github.com> Date: Fri, 14 Apr 2023 13:57:04 +0200 Subject: [PATCH 09/13] Expanded Dark-Web taxonomy developed by the Joint Research Centre (JRC) --- dark-web/machinetag.json | 252 +++++++++++++++++++++++++++++---------- 1 file changed, 186 insertions(+), 66 deletions(-) diff --git a/dark-web/machinetag.json b/dark-web/machinetag.json index 4da2f50..a67ab08 100644 --- a/dark-web/machinetag.json +++ b/dark-web/machinetag.json 
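Review bot: The added entry `"value": "Direct Targeting ",` carries a trailing space inside the string, and so does its `expanded` label; a tag built from it will not equal `Direct Targeting` in an exact-match filter, and the difference is invisible in most interfaces. Drop the space in both lines: `"value": "Direct Targeting",` and `"expanded": "Direct Targeting"`.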
@@ -1,8 +1,8 @@
 {
 "namespace": "dark-web",
 "expanded": "Dark Web",
- "description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
- "version": 4,
+ "description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
+ "version": 5,
 "predicates": [
 {
 "value": "topic",
@@ -18,6 +18,16 @@
 "value": "structure",
 "description": "Structure of the materials tagged",
 "expanded": "Structure"
+ },
+ {
+ "value": "service",
+ "description": "Information related to an Dark-Web service",
+ "expanded": "Service"
+ },
+ {
+ "value": "content",
+ "description": "Identifiable entities and information contained in a Dark-Web service",
+ "expanded": "Content"
 }
 ],
 "values": [
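Review bot: The new top-level description reads `Criminal motivation and content detection the dark web`, which is missing a preposition, and the `service` predicate added in the next hunk is described as `Information related to an Dark-Web service`. Suggested wording: `Criminal motivation and content detection on the dark web: ...` for the first, and `"description": "Information related to a Dark-Web service",` for the second.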
@@ -26,182 +36,182 @@
 "entry": [
 {
 "value": "drugs-narcotics",
- "expanded": "Drugs/Narcotics",
+ "expanded": "drugsNarcotics",
 "description": "Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility)."
 },
 {
 "value": "electronics",
- "expanded": "Electronics",
+ "expanded": "electronics",
 "description": "Electronics and high tech materials, described or to sell for example."
 },
 {
 "value": "finance",
- "expanded": "Finance",
+ "expanded": "finance",
 "description": "Any monetary/currency/exchangeable materials. Includes carding, Paypal etc."
 },
 {
 "value": "finance-crypto",
- "expanded": "CryptoFinance",
+ "expanded": "cryptoFinance",
 "description": "Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc."
 },
 {
 "value": "credit-card",
- "expanded": "Credit-Card",
+ "expanded": "creditCard",
 "description": "Credit cards and payments materials"
 },
 {
 "value": "cash-in",
- "expanded": "Cash-in",
+ "expanded": "cashIn",
 "description": "Buying parts of assets, conversion from liquid assets, currency, etc."
 },
 {
 "value": "cash-out",
- "expanded": "Cash-out",
+ "expanded": "cashOut",
 "description": "Selling parts of assets, conversion to liquid assets, currency, etc."
 },
 {
 "value": "escrow",
- "expanded": "Escrow",
+ "expanded": "escrow",
 "description": "Third party keeping assets in behalf of two other parties making a transactions."
 },
 {
 "value": "hacking",
- "expanded": "Hacking",
+ "expanded": "hacking",
 "description": "Materials relating to the illegal access to or alteration of data and/or electronic services."
 },
 {
 "value": "identification-credentials",
- "expanded": "Identification/Credentials",
+ "expanded": "identificationCredentials",
 "description": "Materials used for providing/establishing identification with third parties. Examples include passports, driver licenses and login credentials."
 },
 {
 "value": "intellectual-property-copyright-materials",
- "expanded": "Intellectual Property/Copyright Materials",
+ "expanded": "intellectualPropertyCopyrightMaterials",
 "description": "Otherwise lawful materials stored, transferred or made available without consent of their legal rights holders."
 },
 {
 "value": "pornography-adult",
- "expanded": "Pornography - Adult",
+ "expanded": "pornographyAdult",
 "description": "Lawful, ethical pornography (i.e. involving only consenting adults)."
 },
 {
 "value": "pornography-child-exploitation",
- "expanded": "Pornography - Child (Child Exploitation)",
+ "expanded": "pornographyChild(ChildExploitation)",
 "description": "Child abuse materials (aka child pornography), including 'fantasy' fiction materials, CGI. Also includes the provision/offering of child abuse materials and/or activities"
 },
 {
 "value": "pornography-illicit-or-illegal",
- "expanded": "Pornography - Illicit or Illegal",
+ "expanded": "pornographyIllicitOrIllegal",
 "description": "Illegal pornography NOT including children/child abuse. Includes bestiality, stolen/revenge porn, hidden cameras etc."
 },
 {
 "value": "search-engine-index",
- "expanded": "Search Engine/Index",
+ "expanded": "searchEngineIndex",
 "description": "Site providing links/references to other sites/services. Referred to as a ‘nexus’ by (Moore and Rid, 2016)"
 },
 {
 "value": "unclear",
- "expanded": "Unclear",
+ "expanded": "unclear",
 "description": "Unable to completely establish topic of material."
 },
 {
 "value": "extremism",
- "expanded": "Extremism",
+ "expanded": "extremism",
 "description": "Illegal or ‘of concern’ levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
 },
 {
 "value": "violence",
- "expanded": "Violence",
+ "expanded": "violence",
 "description": "Materials relating to violence against persons or property."
 },
 {
 "value": "weapons",
- "expanded": "Weapons",
+ "expanded": "weapons",
 "description": "Materials specifically associated with materials and/or items for use in violent acts against persons or property. Examples include firearms and bomb-making ingredients."
 },
 {
 "value": "softwares",
- "expanded": "Softwares",
+ "expanded": "softwares",
 "description": "Illegal or armful software distribution"
 },
 {
 "value": "counteir-feit-materials",
- "expanded": "Counter-feit materials",
+ "expanded": "counterFeitMaterials",
 "description": "Fake identification papers."
 },
 {
 "value": "gambling",
- "expanded": "Gambling",
+ "expanded": "gambling",
 "description": "Games involving money"
 },
 {
 "value": "library",
- "expanded": "Library",
+ "expanded": "library",
 "description": "Library or list of books"
 },
 {
 "value": "other-not-illegal",
- "expanded": "Other not illegal",
+ "expanded": "otherNotIllegal",
 "description": "Material not of interest to law enforcement - e.g. personal sites, Facebook mirrors."
 },
 {
 "value": "legitimate",
- "expanded": "Legitimate",
+ "expanded": "legitimate",
 "description": "Legitimate websites"
 },
 {
 "value": "chat",
- "expanded": "Chats platforms",
+ "expanded": "chatsPlatforms",
 "description": "Chats space or equivalent, which are not forums"
 },
 {
 "value": "mixer",
- "expanded": "Mixer",
+ "expanded": "mixer",
 "description": "Anonymization tools for crypto-currencies transactions"
 },
 {
 "value": "mystery-box",
- "expanded": "Mystery-Box",
+ "expanded": "mysteryBox",
 "description": "Mystery Box seller"
 },
 {
 "value": "anonymizer",
- "expanded": "Anonymizer",
+ "expanded": "anonymizer",
 "description": "Anonymization tools"
 },
 {
 "value": "vpn-provider",
- "expanded": "VPN-Provider",
+ "expanded": "vpnProvider",
 "description": "Provides VPN services and related"
 },
 {
 "value": "email-provider",
- "expanded": "EMail-Provider",
+ "expanded": "emailProvider",
 "description": "Provides e-mail services and related"
 },
 {
 "value": "ponies",
- "expanded": "Ponies",
+ "expanded": "ponies",
 "description": "self-explanatory. It's ponies"
 },
 {
 "value": "games",
- "expanded": "Games",
+ "expanded": "games",
 "description": "Flash or online games"
 },
 {
 "value": "parody",
- "expanded": "Parody or Joke",
+ "expanded": "parodyOrJoke",
 "description": "Meme, Parody, Jokes, Trolling, ..."
 },
 {
 "value": "whistleblower",
- "expanded": "Whistleblower",
+ "expanded": "whistleblower",
 "description": "Exposition and sharing of confidential information with protection of the witness in mind"
 },
 {
 "value": "ransomware-group",
- "expanded": "Ransomware Group",
+ "expanded": "ransomwareGroup",
 "description": "Ransomware group PR or leak website"
 }
 ]
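Review bot: Every `expanded` label in this hunk is replaced by a camelCase identifier (`Drugs/Narcotics` becomes `drugsNarcotics`, `Pornography - Child (Child Exploitation)` becomes `pornographyChild(ChildExploitation)`), which removes the human-readable name shown alongside the tag, while `value` already supplies the machine-readable form. Unless a consumer outside this diff needs identifiers in that field, keep the original labels, e.g. `"expanded": "Drugs/Narcotics",`. The same conversion is applied in the two following hunks, where `InformationSharingReportage` also breaks the casing used everywhere else and labels such as `Captcha and Solvers` lose information when shortened to `captcha`.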
@@ -211,92 +221,92 @@
 "entry": [
 {
 "value": "education-training",
- "expanded": "Education & Training",
+ "expanded": "educationTraining",
 "description": "Materials providing instruction - e.g. ‘how to’ guides"
 },
 {
 "value": "wiki",
- "expanded": "Wiki",
+ "expanded": "wiki",
 "description": "Wiki pages, documentation and information display"
 },
 {
 "value": "forum",
- "expanded": "Forum",
+ "expanded": "forum",
 "description": "Sites specifically designed for multiple users to communicate as peers"
 },
 {
 "value": "file-sharing",
- "expanded": "File Sharing",
+ "expanded": "fileSharing",
 "description": "General file sharing, typically (but not limited to) movie/image sharing"
 },
 {
 "value": "hosting",
- "expanded": "Hosting",
+ "expanded": "hosting",
 "description": "Hosting providers, e-mails, websites, file-storage etc."
 },
 {
 "value": "ddos-services",
- "expanded": "DDoS-Services",
+ "expanded": "ddosServices",
 "description": "Stresser, Booter, DDoSer, DDoS as a Service provider, DDoS tools, etc."
 },
 {
 "value": "general",
- "expanded": "General",
+ "expanded": "general",
 "description": "Materials not covered by the other motivations. Typically, materials of a nature not of interest to law enforcement. For example, personal biography sites."
 },
 {
 "value": "information-sharing-reportage",
- "expanded": "Information Sharing/Reportage",
+ "expanded": "InformationSharingReportage",
 "description": "Journalism/reporting on topics. Can include biased coverage, but obvious propaganda materials are covered by Recruitment/Advocacy."
 },
 {
 "value": "scam",
- "expanded": "Scam",
+ "expanded": "scam",
 "description": "Intentional confidence trick to fraud people or group of people"
 },
 {
 "value": "political-speech",
- "expanded": "Political-Speech",
+ "expanded": "politicalSpeech",
 "description": "Political, activism, without extremism."
 },
 {
 "value": "conspirationist",
- "expanded": "Conspirationist",
+ "expanded": "conspirationist",
 "description": "Conspirationist content, fake news, etc."
 },
 {
 "value": "hate-speech",
- "expanded": "Hate-Speech",
+ "expanded": "hateSpeech",
 "description": "Racism, violent, hate... speech."
 },
 {
 "value": "religious",
- "expanded": "Religious",
+ "expanded": "religious",
 "description": "Religious, faith, doctrinal related content."
 },
 {
 "value": "marketplace-for-sale",
- "expanded": "Marketplace/For Sale",
+ "expanded": "marketplaceForSale",
 "description": "Services/goods for sale, regardless of means of payment."
 },
 {
 "value": "smuggling",
- "expanded": "Smuggling",
+ "expanded": "smuggling",
 "description": "Information or trading of wild animals, prohibited goods, ... "
 },
 {
 "value": "recruitment-advocacy",
- "expanded": "Recruitment/Advocacy",
+ "expanded": "recruitmentAdvocacy",
 "description": "Propaganda"
 },
 {
 "value": "system-placeholder",
- "expanded": "System/Placeholder",
+ "expanded": "systemPlaceholder",
 "description": "Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2"
 },
 {
 "value": "unclear",
- "expanded": "Unclear",
+ "expanded": "unclear",
 "description": "Unable to completely establish motivation of material."
 }
 ]
@@ -306,55 +316,165 @@
 "entry": [
 {
 "value": "incomplete",
- "expanded": "Incomplete websites or information",
+ "expanded": "incomplete",
 "description": "Websites and pages that are unable to load completely properly"
 },
 {
 "value": "captcha",
- "expanded": "Captcha and Solvers",
+ "expanded": "captcha",
 "description": "Captchas and solvers elements"
 },
 {
 "value": "login-forms",
- "expanded": "Logins forms and gates",
+ "expanded": "loginForms",
 "description": "Authentication pages, login page, login forms that block access to an internal part of a website."
 },
 {
 "value": "contact-forms",
- "expanded": "Contact forms and gates",
+ "expanded": "contactForms",
 "description": "Forms to perform a contact request, send an e-mail, fill information, enter a password, ..."
 },
 {
 "value": "encryption-keys",
- "expanded": "Encryption and decryption keys",
+ "expanded": "encryptionKeys",
 "description": "e.g. PGP Keys, passwords, ..."
 },
 {
 "value": "police-notice",
- "expanded": "Police Notice",
+ "expanded": "policeNotice",
 "description": "Closed websites, with police-equivalent banners"
 },
 {
 "value": "legal-statement",
- "expanded": "Legal-Statement",
+ "expanded": "legalStatement",
 "description": "RGPD statement, Privacy-policy, guidelines of a websites or forum..."
 },
 {
 "value": "test",
- "expanded": "Test",
+ "expanded": "test",
 "description": "Test websites without any real consequences or effects"
 },
 {
 "value": "videos",
- "expanded": "Videos",
+ "expanded": "videos",
 "description": "Videos and streaming"
 },
 {
 "value": "unclear",
- "expanded": "Unclear",
+ "expanded": "unclear",
 "description": "Unable to completely establish structure of material."
 }
 ]
+ },
+ {
+ "predicate": "service",
+ "entry": [
+ {
+ "value": "url",
+ "expanded": "url",
+ "description": "Uniform Resource Locator (URL) of a dark-web. The url should indicate a protocol (http), a hostname (www.example.com), and a file name (index.html). 
Example: http://www.example.com/index.html"
+ },
+ {
+ "value": "content-type",
+ "expanded": "contentType",
+ "description": "Content-Type representaton headerused to indicate the original media type of the resource (prior to any content encoding applied for sending). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"
+ },
+ {
+ "value": "path",
+ "expanded": "path",
+ "description": "The URL path is the string of information that comes after the top level domain name "
+ },
+ {
+ "value": "detection-date",
+ "expanded": "detectionDate",
+ "description": "Date in which the dark-web was detected. The date should be in ISO 8601 format. Example: 2019-01-01T00:00:00Z"
+ },
+ {
+ "value": "network-protocol",
+ "expanded": "networkProtocol",
+ "description": "Network protocol used to access the dark-web site (e.g., HTTP, HTTPS)"
+ },
+ {
+ "value": "port",
+ "expanded": "port",
+ "description": "Port number where the dark-web service is being offered"
+ },
+ {
+ "value": "network",
+ "expanded": "network",
+ "description": "Overlay network (darknet) that host the service or content"
+ },
+ {
+ "value": "found-at",
+ "expanded": "foundAt",
+ "description": "Domain or service where the dark-web where found at"
+ }
+ ]
+ },
+ {
+ "predicate": "content",
+ "entry": [
+ {
+ "value": "sha1sum",
+ "expanded": "sha1sum",
+ "description": "SHA-1 (Secure Hash Algorithm 1) hash of the HTML or objectName content"
+ },
+ {
+ "value": "sha256sum",
+ "expanded": "sha256sum",
+ "description": "SHA-256 hash of the HTML or objectName content"
+ },
+ {
+ "value": "ssdeep",
+ "expanded": "ssdeep",
+ "description": "ssdeep fuzzy hash of the HTML or objectName content"
+ },
+ {
+ "value": "language",
+ "expanded": "language",
+ "description": "Detected language of the service in ISO 639‑1 Code. 
Example: en"
+ },
+ {
+ "value": "html",
+ "expanded": "html",
+ "description": "HyperText Markup Language (HTML) used in a website"
+ },
+ {
+ "value": "css",
+ "expanded": "css",
+ "description": "CSS (Cascading Style Sheets) used in a dark-web site"
+ },
+ {
+ "value": "text",
+ "expanded": "text",
+ "description": "Content of the dark-web service without HTML tags"
+ },
+ {
+ "value": "page-title",
+ "expanded": "pageTitle",
+ "description": "HTML tag content of a dark-web site"
+ },
+ {
+ "value": "phone-number",
+ "expanded": "phoneNumber",
+ "description": "Phone number identified in the dark-web site"
+ },
+ {
+ "value": "creditCard",
+ "expanded": "creditCard",
+ "description": "Credit card identified in the dark-web site"
+ },
+ {
+ "value": "email",
+ "expanded": "email",
+ "description": "Email address identified in the dark-web site"
+ },
+ {
+ "value": "pgp-public-key-block",
+ "expanded": "pgpPublicKeyBlock",
+ "description": "PGP public key block identified in the dark-web site"
+ }
+ ]
 }
 ]
 }
From a391724d5c9e47eb9a17b14119f3a781c2d663be Mon Sep 17 00:00:00 2001
From: aaronkaplan <aaron@lo-res.org>
Date: Fri, 12 May 2023 11:39:00 +0200
Subject: [PATCH 10/13] Add the ai-or-not taxonomy
---
 ai-or-not/machinetag.json | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 ai-or-not/machinetag.json
diff --git a/ai-or-not/machinetag.json b/ai-or-not/machinetag.json
new file mode 100644
index 0000000..4ec1eb6
--- /dev/null
+++ b/ai-or-not/machinetag.json
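Review bot: In the added `content` predicate of the `@@ -306,55 +316,165 @@` hunk, `"value": "creditCard"` is the only entry whose value is not kebab-case (its siblings are `phone-number`, `page-title`, `pgp-public-key-block`). The value presumably ends up in the tag string that consumers match on, so it is cheaper to fix before release: `"value": "credit-card",`. The descriptions for `creditCard`, `phone-number` and `email` also do not say whether the tag only marks that such data was seen or is meant to accompany the data itself; for a shared taxonomy I would state that it marks presence only, e.g. `"description": "A credit card number was identified in the dark-web site (the tag marks presence only)"`. Smaller wording slips in the same hunk: `representaton headerused`, `where found at`, and the `page-title` description, which looks as if a `title` element name was lost.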
@@ -0,0 +1,39 @@
+{
+ "namespace": "info-origin",
+ "description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
+ "version": 1,
+ "predicates": [
+ "human-generated",
+ "AI-generated",
+ "uncertain-origin"
+ ],
+ "expanded": {
+ "human-generated": {
+ "expanded": "Information that has been generated by a human",
+ "colour": "#33cc33"
+ },
+ "AI-generated": {
+ "expanded": "Information that has been generated by an AI",
+ "colour": "#ff0000"
+ },
+ "uncertain-origin": {
+ "expanded": "Information for which the origin is uncertain",
+ "colour": "#999999"
+ }
+ },
+ "entry": [
+ {
+ "value": "info-origin:human-generated",
+ "expanded": "Information that has been generated by a human"
+ },
+ {
+ "value": "info-origin:AI-generated",
+ "expanded": "Information that has been generated by an AI"
+ },
+ {
+ "value": "info-origin:uncertain-origin",
+ "expanded": "Information for which the origin is uncertain"
+ }
+ ]
+}
+
From c02fc66988a40f31870c6f98c2f37c8a42b99594 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 14 May 2023 17:37:46 +0200
Subject: [PATCH 11/13] chg: [information-origin] create a new taxonomy define if the content is from an AI-based system, a human or the origin is unknown. The original taxonomy from @aaronkaplan has been fixed to match the correct MISP taxonomy schema format. The file in the original pull-request was most probably `information-origin:AI-generated`. This taxonomy is just namespace predicate as there is no need of specific values until now.
---
 ai-or-not/machinetag.json | 39 ------------------------------
 information-origin/machinetag.json | 25 +++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 39 deletions(-)
 delete mode 100644 ai-or-not/machinetag.json
 create mode 100644 information-origin/machinetag.json
diff --git a/ai-or-not/machinetag.json b/ai-or-not/machinetag.json
deleted file mode 100644
index 4ec1eb6..0000000
--- a/ai-or-not/machinetag.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "namespace": "info-origin",
- "description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
- "version": 1,
- "predicates": [
- "human-generated",
- "AI-generated",
- "uncertain-origin"
- ],
- "expanded": {
- "human-generated": {
- "expanded": "Information that has been generated by a human",
- "colour": "#33cc33"
- },
- "AI-generated": {
- "expanded": "Information that has been generated by an AI",
- "colour": "#ff0000"
- },
- "uncertain-origin": {
- "expanded": "Information for which the origin is uncertain",
- "colour": "#999999"
- }
- },
- "entry": [
- {
- "value": "info-origin:human-generated",
- "expanded": "Information that has been generated by a human"
- },
- {
- "value": "info-origin:AI-generated",
- "expanded": "Information that has been generated by an AI"
- },
- {
- "value": "info-origin:uncertain-origin",
- "expanded": "Information for which the origin is uncertain"
- }
- ]
-}
-
diff --git a/information-origin/machinetag.json b/information-origin/machinetag.json
new file mode 100644
index 0000000..711b4e7
--- /dev/null
+++ b/information-origin/machinetag.json
@@ -0,0 +1,25 @@
+{
+ "namespace": "information-origin",
+ "description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
+ "version": 2,
+ "predicates": [
+ {
+ "value": "human-generated",
+ "description": "Information that has been generated by a human.",
+ "expanded": "human generated",
+ "colour": "#33FF00"
+ },
+ {
+ "value": "AI-generated",
+ "description": "Information that has been generated by an AI LLM or similar technologies.",
+ "expanded": "AI generated",
+ "colour": "#FFC000"
+ },
+ {
+ "value": "uncertain-origin",
+ "description": "Information for which the origin is uncertain which can be machine or a human.",
+ "expanded": "uncertain origin",
+ "colour": "#FFC000"
+ }
+ ]
+}
From 6bd1809df95abcf0bc4c81776dba171af9c70529 Mon Sep 17 00:00:00 2001
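Review bot: In the new `information-origin/machinetag.json`, the `AI-generated` and `uncertain-origin` predicates both carry `"colour": "#FFC000"`, so a front end that renders tags by colour cannot tell "known to be machine-generated" from "origin unknown" at a glance. The file removed in the same commit used a separate grey for the uncertain case, and I would keep that: `"colour": "#999999"` on `uncertain-origin`. A second, smaller point: `AI-generated` is the only predicate value with upper-case letters next to `human-generated` and `uncertain-origin`; if any consumer compares tags case-sensitively (not visible from here), a lower-case value would be less likely to be mistyped in filters.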
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 14 May 2023 17:42:09 +0200
Subject: [PATCH 12/13] chg: [MANIFEST] updated
---
 MANIFEST.json | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index 1b11042..672c2f6 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -169,9 +169,9 @@
 "version": 1
 },
 {
- "description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
+ "description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
 "name": "dark-web",
- "version": 4
+ "version": 5
 },
 {
 "description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
@@ -413,6 +413,11 @@
 "name": "infoleak",
 "version": 7
 },
+ {
+ "description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
+ "name": "information-origin",
+ "version": 2
+ },
 {
 "description": "Taxonomy to classify the information security data sources.",
 "name": "information-security-data-source",
@@ -735,5 +740,5 @@
 }
 ],
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
- "version": "20230111"
+ "version": "20230514"
 }
From 46e4128897e15634d81cdc12dc2938debefb901c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 24 May 2023 11:09:15 +0200
Subject: [PATCH 13/13] chg: [workflow] state `release` added Thanks to Kevin from the Center for Cyber Security in Belgium.
---
 workflow/machinetag.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/workflow/machinetag.json b/workflow/machinetag.json
index 57cce6e..17872cc 100644
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@@ -2,7 +2,7 @@
 "namespace": "workflow",
 "expanded": "workflow to support analysis",
 "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
- "version": 11,
+ "version": 12,
 "predicates": [
 {
 "value": "todo",
@@ -132,6 +132,10 @@
 {
 "value": "rejected",
 "expanded": "Analyst rejected the process. The object will not reach state of completeness."
+ },
+ {
+ "value": "release",
+ "expanded": "Analyst approved the information to be released. Like a MISP event to be released and published."
 }
 ]
 }
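Review bot: The new `release` entry in the `@@ -132,6 +132,10 @@` hunk does not make clear whether the tag means "approved for release" or "already released", and the value itself is a bare verb next to the participle `rejected`. That distinction matters if anyone gates publication on this tag, since a reader or a script could take it as confirmation that the data has already been cleared and sent out. I would spell out the state in the text, for example `"expanded": "Analyst approved the information for release, e.g. a MISP event that may now be published."`, which also removes the sentence fragment. The entry list this belongs to starts outside the hunk, so I cannot check how the other states are worded.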