Merge branch 'main' of github.com:misp/misp-taxonomies
commit
6b77005beb
|
@ -12,7 +12,7 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
python-version: ['3.6', '3.7', '3.8', '3.9', '3.10']
|
python-version: [3.8, 3.9, '3.10']
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
|
|
|
@ -169,9 +169,9 @@
|
||||||
"version": 1
|
"version": 1
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
|
"description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
|
||||||
"name": "dark-web",
|
"name": "dark-web",
|
||||||
"version": 4
|
"version": 5
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
|
"description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
|
||||||
|
@ -413,6 +413,11 @@
|
||||||
"name": "infoleak",
|
"name": "infoleak",
|
||||||
"version": 7
|
"version": 7
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
|
||||||
|
"name": "information-origin",
|
||||||
|
"version": 2
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Taxonomy to classify the information security data sources.",
|
"description": "Taxonomy to classify the information security data sources.",
|
||||||
"name": "information-security-data-source",
|
"name": "information-security-data-source",
|
||||||
|
@ -735,5 +740,5 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
||||||
"version": "20221202"
|
"version": "20230514"
|
||||||
}
|
}
|
||||||
|
|
15
README.md
15
README.md
|
@ -82,6 +82,11 @@ A pre-approved category of action for indicators being shared with partners (MIM
|
||||||
[artificial-satellites](https://github.com/MISP/misp-taxonomies/tree/main/artificial-satellites) :
|
[artificial-satellites](https://github.com/MISP/misp-taxonomies/tree/main/artificial-satellites) :
|
||||||
This taxonomy was designed to describe artificial satellites [Overview](https://www.misp-project.org/taxonomies.html#_artificial_satellites)
|
This taxonomy was designed to describe artificial satellites [Overview](https://www.misp-project.org/taxonomies.html#_artificial_satellites)
|
||||||
|
|
||||||
|
### aviation
|
||||||
|
|
||||||
|
[aviation](https://github.com/MISP/misp-taxonomies/tree/main/aviation) :
|
||||||
|
A taxonomy describing security threats or incidents against the aviation sector. [Overview](https://www.misp-project.org/taxonomies.html#_aviation)
|
||||||
|
|
||||||
### binary-class
|
### binary-class
|
||||||
|
|
||||||
[binary-class](https://github.com/MISP/misp-taxonomies/tree/main/binary-class) :
|
[binary-class](https://github.com/MISP/misp-taxonomies/tree/main/binary-class) :
|
||||||
|
@ -502,6 +507,11 @@ classification for the identification of type of misinformation among websites.
|
||||||
[misp](https://github.com/MISP/misp-taxonomies/tree/main/misp) :
|
[misp](https://github.com/MISP/misp-taxonomies/tree/main/misp) :
|
||||||
MISP taxonomy to infer with MISP behavior or operation. [Overview](https://www.misp-project.org/taxonomies.html#_misp)
|
MISP taxonomy to infer with MISP behavior or operation. [Overview](https://www.misp-project.org/taxonomies.html#_misp)
|
||||||
|
|
||||||
|
### misp-workflow
|
||||||
|
|
||||||
|
[misp-workflow](https://github.com/MISP/misp-taxonomies/tree/main/misp-workflow) :
|
||||||
|
MISP workflow taxonomy to support result of workflow execution. [Overview](https://www.misp-project.org/taxonomies.html#_misp_workflow)
|
||||||
|
|
||||||
### monarc-threat
|
### monarc-threat
|
||||||
|
|
||||||
[monarc-threat](https://github.com/MISP/misp-taxonomies/tree/main/monarc-threat) :
|
[monarc-threat](https://github.com/MISP/misp-taxonomies/tree/main/monarc-threat) :
|
||||||
|
@ -632,6 +642,11 @@ Flags describing the sample for isotopic data (C14, O18) [Overview](https://www.
|
||||||
[scrippsco2-sampling-stations](https://github.com/MISP/misp-taxonomies/tree/main/scrippsco2-sampling-stations) :
|
[scrippsco2-sampling-stations](https://github.com/MISP/misp-taxonomies/tree/main/scrippsco2-sampling-stations) :
|
||||||
Sampling stations of the Scripps CO2 Program [Overview](https://www.misp-project.org/taxonomies.html#_scrippsco2_sampling_stations)
|
Sampling stations of the Scripps CO2 Program [Overview](https://www.misp-project.org/taxonomies.html#_scrippsco2_sampling_stations)
|
||||||
|
|
||||||
|
### sentinel-threattype
|
||||||
|
|
||||||
|
[sentinel-threattype](https://github.com/MISP/misp-taxonomies/tree/main/sentinel-threattype) :
|
||||||
|
Sentinel indicator threat types. [Overview](https://www.misp-project.org/taxonomies.html#_sentinel_threattype)
|
||||||
|
|
||||||
### smart-airports-threats
|
### smart-airports-threats
|
||||||
|
|
||||||
[smart-airports-threats](https://github.com/MISP/misp-taxonomies/tree/main/smart-airports-threats) :
|
[smart-airports-threats](https://github.com/MISP/misp-taxonomies/tree/main/smart-airports-threats) :
|
||||||
|
|
|
@ -1,31 +1,31 @@
|
||||||
{
|
{
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"expanded": "Target Sub Systems",
|
"expanded": "Target",
|
||||||
"value": "target-sub-systems"
|
"value": "target"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"expanded": "Target systems",
|
"expanded": "Target systems",
|
||||||
"value": "target-systems"
|
"value": "target-systems"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"expanded": "Target Sub Systems",
|
||||||
|
"value": "target-sub-systems"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "impact",
|
"value": "impact",
|
||||||
"expanded": "Impact",
|
"expanded": "Impact",
|
||||||
"exclusive": true
|
"exclusive": true
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"expanded": "Target",
|
|
||||||
"value": "target"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"expanded": "Mission Critical",
|
|
||||||
"value": "mission-critical"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"value": "likelihood",
|
"value": "likelihood",
|
||||||
"expanded": "Likelihood",
|
"expanded": "Likelihood",
|
||||||
"exclusive": true
|
"exclusive": true
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"expanded": "Criticality",
|
||||||
|
"value": "criticality"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "certainty",
|
"value": "certainty",
|
||||||
"expanded": "Certainty",
|
"expanded": "Certainty",
|
||||||
|
@ -39,42 +39,55 @@
|
||||||
{
|
{
|
||||||
"predicate": "target",
|
"predicate": "target",
|
||||||
"entry": [
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "airline",
|
||||||
|
"expanded": "airline",
|
||||||
|
"description": "airlines or airline groups"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "airspace users",
|
"value": "airspace users",
|
||||||
"expanded": "Airspace Users",
|
"expanded": "Airspace Users",
|
||||||
"description": "Airspace users including airlines"
|
"description": "Airspace users other than airlines like drone, helicopter, baloon operators"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airport",
|
"value": "airport",
|
||||||
"expanded": "Airport"
|
"expanded": "Airport",
|
||||||
|
"description": "Airports or airport operators"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "air-navigation-service-provider",
|
"value": "ansp",
|
||||||
"expanded": "Air Navigation Service Provider"
|
"expanded": "Air Navigation Service Provider",
|
||||||
|
"description": "Air Navigation Service Provider who is managing the airspace of a country or a specific region"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "international-association",
|
"value": "international-association",
|
||||||
"expanded": "International Association"
|
"expanded": "International Association",
|
||||||
|
"description": "International associations related with aviation sector"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "civil-aviation-authority",
|
"value": "caa",
|
||||||
"expanded": "Civil Aviation Authority"
|
"expanded": "Civil Aviation Authority",
|
||||||
|
"description": "Civil Aviation Authority who is responsible for regulation the aviation of a country"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "manufacturer",
|
"value": "manufacturer",
|
||||||
"expanded": "Manufacturer"
|
"expanded": "Manufacturer",
|
||||||
|
"description": "Manufacturers who produce aircrafts,aircraft or ATM related components"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "service-provider",
|
"value": "service-provider",
|
||||||
"expanded": "Service Provider"
|
"expanded": "Service Provider",
|
||||||
|
"description": "Service providers who provide different services to the aviation stakeholders"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "network-manager",
|
"value": "network-manager",
|
||||||
"expanded": "Network Manager"
|
"expanded": "Network Manager",
|
||||||
|
"description": "Network Manager manages ATM network functions (airspace design, flow management) as well as scarce resources"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "military",
|
"value": "military",
|
||||||
"expanded": "Military"
|
"expanded": "Military",
|
||||||
|
"description": "Military aviation"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -83,148 +96,168 @@
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "ATM",
|
"value": "ATM",
|
||||||
"expanded": "ATM - Air Traffic Management"
|
"expanded": "ATM - Air Traffic Management",
|
||||||
|
"description": "Air traffic management systems which manage airspace"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "AIS",
|
"value": "AIS",
|
||||||
"expanded": "AIS - Aeronautical Information Service"
|
"expanded": "AIS - Aeronautical Information Service",
|
||||||
|
"description": "Aeronatutical Infromation Service whose objective is to ensure the flow of aeronautical information and data necessary for the safety, regularity and efficiency of international air navigation"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "MET",
|
"value": "MET",
|
||||||
"expanded": "MET - Meteorological Service"
|
"expanded": "MET - Meteorological Service",
|
||||||
|
"description": "Meteorological service which provides meteo data to the airspace users"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "SAR",
|
"value": "SAR",
|
||||||
"expanded": "SAR - Search and Rescue"
|
"expanded": "SAR - Search and Rescue",
|
||||||
|
"description": "Search and rescue (SAR) service is provided to the survivors of aircraft accidents as well as aircraft in distress (and their occupants) regardless of their nationality"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS",
|
"value": "CNS",
|
||||||
"expanded": "CNS - Communication, Navigation and Surveillance"
|
"expanded": "CNS - Communication, Navigation and Surveillance",
|
||||||
|
"description": "The main functions of ATM: Communication, Navigation and Surveillance"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airport-management-systems",
|
"value": "airport-management-systems",
|
||||||
"expanded": "Airport Management Systems"
|
"expanded": "Airport Management Systems",
|
||||||
|
"description": "Airport IT and OT systems that manage airport internal operations"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airport-online-services",
|
"value": "airport-online-services",
|
||||||
"expanded": "Airport Online Services"
|
"expanded": "Airport Online Services",
|
||||||
|
"description": "Airport online service that helps external users to reach airport services"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airport-fids-systems",
|
"value": "airport-fids-systems",
|
||||||
"expanded": "Airport FIDS systems"
|
"expanded": "Airport Flight Information Display Systems",
|
||||||
|
"description": "Airport Flight Information Display Systems that guide the passangers about flights"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airline-management-systems",
|
"value": "airline-management-systems",
|
||||||
"expanded": "Airline Management Systems"
|
"expanded": "Airline Management Systems",
|
||||||
|
"description": "Airline Management Systems that manage airline intenal operations"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "airline-online-services",
|
"value": "airline-online-services",
|
||||||
"expanded": "Airline Online Services"
|
"expanded": "Airline Online Services",
|
||||||
|
"description": "Airline Online Services that helps external users to reach airlines services"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "target-sub-systems",
|
"predicate": "target-sub-systems",
|
||||||
"entry": [
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "ATM:NewPENS",
|
||||||
|
"expanded": "ATM New PENS(Pan-European Network Service)",
|
||||||
|
"description": "ATM New PENS(Pan-European Network Service) which is private network for aviation stakeholders"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ATM:SWIM",
|
||||||
|
"expanded": "ATM SWIM(Sytem Wide Information Management)",
|
||||||
|
"description": "ATM SWIM(System Wide Information Management) is the system that enables seamless information access and interchange between all providers and users of ATM information and services"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "ATM:ATS:ATC",
|
"value": "ATM:ATS:ATC",
|
||||||
"expanded": "ATM ATS ATC - Air Traffic Control"
|
"expanded": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control",
|
||||||
|
"description": "ATM ATS(Air Traffic Service) ATC - Air Traffic Control systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ATM:ATS:FIS",
|
"value": "ATM:ATS:FIS",
|
||||||
"expanded": "ATM ATS FIST - Flight Information Services"
|
"expanded": "ATM ATS FIS - Flight Information Services",
|
||||||
|
"description": "ATM ATS FIS - Flight Information Services systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ATM:ATS:ALRS",
|
"value": "ATM:ATS:ALRS",
|
||||||
"expanded": "ATM ATS ALRS - Alerting Services"
|
"expanded": "ATM ATS ALRS - Alerting Services",
|
||||||
|
"description": "ATM ATS ALRS - Alerting Services systems"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ATM:ATS:ATFM",
|
||||||
|
"expanded": "ATM ATS ATFM(Air Traffic Flow Management)",
|
||||||
|
"description": "ATM ATS ATFM(Air Traffic Flow Management) systems "
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ATM:ATS:ASM",
|
||||||
|
"expanded": "ATM ATS ASM(Airspace management)",
|
||||||
|
"description": "ATM ATS ASM(Airspace management) systems "
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:COM:Ground-Ground",
|
"value": "CNS:COM:Ground-Ground",
|
||||||
"expanded": "CNS COM Ground-Ground"
|
"expanded": "CNS COM Ground-Ground",
|
||||||
|
"description": "Ground-ground communication systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:COM:Ground-Air",
|
"value": "CNS:COM:Ground-Air",
|
||||||
"expanded": "CNS COM Ground Air"
|
"expanded": "CNS COM Ground Air",
|
||||||
|
"description": "Ground-Air communication systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:COM:Air-Air",
|
"value": "CNS:COM:Air-Air",
|
||||||
"expanded": "CNS COM Air Air"
|
"expanded": "CNS COM Air Air",
|
||||||
|
"description": "Air-Air Communication systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:COM:Asterix",
|
"value": "CNS:COM:Asterix",
|
||||||
"expanded": "CNS COM Asterix"
|
"expanded": "CNS COM Asterix",
|
||||||
|
"description": "Asterix radar data protocol processing systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:COM:VDL",
|
"value": "CNS:COM:VDL",
|
||||||
"expanded": "CNS COM VDL"
|
"expanded": "CNS COM VDL",
|
||||||
},
|
"description": "Very High Frequency Data link"
|
||||||
{
|
|
||||||
"value": "CNS:COM:Reserved1",
|
|
||||||
"expanded": "CNS COM Reserved1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "CNS:COM:Reserved2",
|
|
||||||
"expanded": "CNS COM Reserved2"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:ADS-B",
|
"value": "CNS:SUR:ADS-B",
|
||||||
"expanded": "CNS SUR ADS-B"
|
"expanded": "CNS SUR ADS-B(Automatic Dependent Surveillance-Broadcast)",
|
||||||
|
"description": "ADS-B Automatic Dependent Surveillance-Broadcast) protocol"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:ADS-C",
|
"value": "CNS:SUR:ADS-C",
|
||||||
"expanded": "CNS SUR ADS-C"
|
"expanded": "CNS SUR ADS-C(Automatic dependent surveillance-contract)",
|
||||||
|
"description": "ADS-C Automatic Dependent Surveillance-contract"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:Radar",
|
"value": "CNS:SUR:Radar",
|
||||||
"expanded": "CNS SUR Radar"
|
"expanded": "CNS SUR Radar",
|
||||||
|
"description": "Radar related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:PR",
|
"value": "CNS:SUR:PR",
|
||||||
"expanded": "CNS SUR PR"
|
"expanded": "CNS SUR PR(Primary Radar)",
|
||||||
|
"description": "Primary Radar related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:SSR",
|
"value": "CNS:SUR:SSR",
|
||||||
"expanded": "CNS SUR SSR"
|
"expanded": "CNS SUR SSR(Secondary Surveillance Radar)",
|
||||||
|
"description": "Secondary Surveillance Radar related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:SUR:Reserved1",
|
"value": "CNS:Nav:GNSS",
|
||||||
"expanded": "CNS SUR Reserved1"
|
"expanded": "CNS Nav GNSS(Global Navigation Satellite Systems)",
|
||||||
},
|
"description": "GNSS(Global Naviation Satellite Systems) related systems"
|
||||||
{
|
|
||||||
"value": "CNS:SUR:Reserved2",
|
|
||||||
"expanded": "CNS SUR Reserved2"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "CNS:SUR:Reserved3",
|
|
||||||
"expanded": "CNS SUR Reserved3"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:Nav:GPS",
|
"value": "CNS:Nav:GPS",
|
||||||
"expanded": "CNS Nav GPS"
|
"expanded": "CNS Nav GPS(Global Positioning Systems)",
|
||||||
|
"description": "GPS(Global Positioning Systems) related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:Nav:GLONASS",
|
"value": "CNS:Nav:GLONASS",
|
||||||
"expanded": "CNS Nav GLONASS"
|
"expanded": "CNS Nav GLONASS(GLObal NAvigation Satellite Systems)",
|
||||||
|
"description": "GLONASS(GLObal NAvigation Satellite Systems) related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:Nav:ILS",
|
"value": "CNS:Nav:ILS",
|
||||||
"expanded": "CNS Nav ILS"
|
"expanded": "CNS Nav ILS(Instrument landing systems)",
|
||||||
|
"description": "ILS(Instrument landing systems) related systems"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CNS:Nav:GLS",
|
"value": "CNS:Nav:GLS",
|
||||||
"expanded": "CNS Nav GLS"
|
"expanded": "CNS Nav GLS (GNSS dependent landing systems",
|
||||||
},
|
"description": "GLS(GNSS dependent landing systems) related systems"
|
||||||
{
|
|
||||||
"value": "CNS:Nav:Reserved1",
|
|
||||||
"expanded": "CNS Nav Reserved1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "CNS:Nav:Reserved2",
|
|
||||||
"expanded": "CNS Nav Reserved2"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "CNS:Nav:Reserved3",
|
|
||||||
"expanded": "CNS Mav Reserved3"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -294,15 +327,22 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "mission-critical",
|
"predicate": "criticality",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "mission-critical",
|
"value": "safety-critical",
|
||||||
"expanded": "Mission Critical"
|
"expanded": "Safety Critical",
|
||||||
|
"description": "Criticality level that threatens human life"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "safety-critical",
|
"value": "mission-critical",
|
||||||
"expanded": "Safety Critical"
|
"expanded": "Mission Critical",
|
||||||
|
"description": "Criticality level that affects the critical services impacting the airspace management"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "business-critical",
|
||||||
|
"expanded": "business Critical",
|
||||||
|
"description": "Criticality level that affects business functions"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{
|
{
|
||||||
"namespace": "dark-web",
|
"namespace": "dark-web",
|
||||||
"expanded": "Dark Web",
|
"expanded": "Dark Web",
|
||||||
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
|
"description": "Criminal motivation and content detection the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project and extended by the JRC (Joint Research Centre) of the European Commission.",
|
||||||
"version": 4,
|
"version": 5,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "topic",
|
"value": "topic",
|
||||||
|
@ -18,6 +18,16 @@
|
||||||
"value": "structure",
|
"value": "structure",
|
||||||
"description": "Structure of the materials tagged",
|
"description": "Structure of the materials tagged",
|
||||||
"expanded": "Structure"
|
"expanded": "Structure"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "service",
|
||||||
|
"description": "Information related to an Dark-Web service",
|
||||||
|
"expanded": "Service"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "content",
|
||||||
|
"description": "Identifiable entities and information contained in a Dark-Web service",
|
||||||
|
"expanded": "Content"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"values": [
|
"values": [
|
||||||
|
@ -26,182 +36,182 @@
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "drugs-narcotics",
|
"value": "drugs-narcotics",
|
||||||
"expanded": "Drugs/Narcotics",
|
"expanded": "drugsNarcotics",
|
||||||
"description": "Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility)."
|
"description": "Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility)."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "electronics",
|
"value": "electronics",
|
||||||
"expanded": "Electronics",
|
"expanded": "electronics",
|
||||||
"description": "Electronics and high tech materials, described or to sell for example."
|
"description": "Electronics and high tech materials, described or to sell for example."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "finance",
|
"value": "finance",
|
||||||
"expanded": "Finance",
|
"expanded": "finance",
|
||||||
"description": "Any monetary/currency/exchangeable materials. Includes carding, Paypal etc."
|
"description": "Any monetary/currency/exchangeable materials. Includes carding, Paypal etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "finance-crypto",
|
"value": "finance-crypto",
|
||||||
"expanded": "CryptoFinance",
|
"expanded": "cryptoFinance",
|
||||||
"description": "Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc."
|
"description": "Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "credit-card",
|
"value": "credit-card",
|
||||||
"expanded": "Credit-Card",
|
"expanded": "creditCard",
|
||||||
"description": "Credit cards and payments materials"
|
"description": "Credit cards and payments materials"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "cash-in",
|
"value": "cash-in",
|
||||||
"expanded": "Cash-in",
|
"expanded": "cashIn",
|
||||||
"description": "Buying parts of assets, conversion from liquid assets, currency, etc."
|
"description": "Buying parts of assets, conversion from liquid assets, currency, etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "cash-out",
|
"value": "cash-out",
|
||||||
"expanded": "Cash-out",
|
"expanded": "cashOut",
|
||||||
"description": "Selling parts of assets, conversion to liquid assets, currency, etc."
|
"description": "Selling parts of assets, conversion to liquid assets, currency, etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "escrow",
|
"value": "escrow",
|
||||||
"expanded": "Escrow",
|
"expanded": "escrow",
|
||||||
"description": "Third party keeping assets in behalf of two other parties making a transactions."
|
"description": "Third party keeping assets in behalf of two other parties making a transactions."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "hacking",
|
"value": "hacking",
|
||||||
"expanded": "Hacking",
|
"expanded": "hacking",
|
||||||
"description": "Materials relating to the illegal access to or alteration of data and/or electronic services."
|
"description": "Materials relating to the illegal access to or alteration of data and/or electronic services."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "identification-credentials",
|
"value": "identification-credentials",
|
||||||
"expanded": "Identification/Credentials",
|
"expanded": "identificationCredentials",
|
||||||
"description": "Materials used for providing/establishing identification with third parties. Examples include passports, driver licenses and login credentials."
|
"description": "Materials used for providing/establishing identification with third parties. Examples include passports, driver licenses and login credentials."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "intellectual-property-copyright-materials",
|
"value": "intellectual-property-copyright-materials",
|
||||||
"expanded": "Intellectual Property/Copyright Materials",
|
"expanded": "intellectualPropertyCopyrightMaterials",
|
||||||
"description": "Otherwise lawful materials stored, transferred or made available without consent of their legal rights holders."
|
"description": "Otherwise lawful materials stored, transferred or made available without consent of their legal rights holders."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "pornography-adult",
|
"value": "pornography-adult",
|
||||||
"expanded": "Pornography - Adult",
|
"expanded": "pornographyAdult",
|
||||||
"description": "Lawful, ethical pornography (i.e. involving only consenting adults)."
|
"description": "Lawful, ethical pornography (i.e. involving only consenting adults)."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "pornography-child-exploitation",
|
"value": "pornography-child-exploitation",
|
||||||
"expanded": "Pornography - Child (Child Exploitation)",
|
"expanded": "pornographyChild(ChildExploitation)",
|
||||||
"description": "Child abuse materials (aka child pornography), including 'fantasy' fiction materials, CGI. Also includes the provision/offering of child abuse materials and/or activities"
|
"description": "Child abuse materials (aka child pornography), including 'fantasy' fiction materials, CGI. Also includes the provision/offering of child abuse materials and/or activities"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "pornography-illicit-or-illegal",
|
"value": "pornography-illicit-or-illegal",
|
||||||
"expanded": "Pornography - Illicit or Illegal",
|
"expanded": "pornographyIllicitOrIllegal",
|
||||||
"description": "Illegal pornography NOT including children/child abuse. Includes bestiality, stolen/revenge porn, hidden cameras etc."
|
"description": "Illegal pornography NOT including children/child abuse. Includes bestiality, stolen/revenge porn, hidden cameras etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "search-engine-index",
|
"value": "search-engine-index",
|
||||||
"expanded": "Search Engine/Index",
|
"expanded": "searchEngineIndex",
|
||||||
"description": "Site providing links/references to other sites/services. Referred to as a ‘nexus’ by (Moore and Rid, 2016)"
|
"description": "Site providing links/references to other sites/services. Referred to as a ‘nexus’ by (Moore and Rid, 2016)"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "unclear",
|
"value": "unclear",
|
||||||
"expanded": "Unclear",
|
"expanded": "unclear",
|
||||||
"description": "Unable to completely establish topic of material."
|
"description": "Unable to completely establish topic of material."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "extremism",
|
"value": "extremism",
|
||||||
"expanded": "Extremism",
|
"expanded": "extremism",
|
||||||
"description": "Illegal or ‘of concern’ levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
|
"description": "Illegal or ‘of concern’ levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "violence",
|
"value": "violence",
|
||||||
"expanded": "Violence",
|
"expanded": "violence",
|
||||||
"description": "Materials relating to violence against persons or property."
|
"description": "Materials relating to violence against persons or property."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "weapons",
|
"value": "weapons",
|
||||||
"expanded": "Weapons",
|
"expanded": "weapons",
|
||||||
"description": "Materials specifically associated with materials and/or items for use in violent acts against persons or property. Examples include firearms and bomb-making ingredients."
|
"description": "Materials specifically associated with materials and/or items for use in violent acts against persons or property. Examples include firearms and bomb-making ingredients."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "softwares",
|
"value": "softwares",
|
||||||
"expanded": "Softwares",
|
"expanded": "softwares",
|
||||||
"description": "Illegal or armful software distribution"
|
"description": "Illegal or armful software distribution"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "counteir-feit-materials",
|
"value": "counteir-feit-materials",
|
||||||
"expanded": "Counter-feit materials",
|
"expanded": "counterFeitMaterials",
|
||||||
"description": "Fake identification papers."
|
"description": "Fake identification papers."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "gambling",
|
"value": "gambling",
|
||||||
"expanded": "Gambling",
|
"expanded": "gambling",
|
||||||
"description": "Games involving money"
|
"description": "Games involving money"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "library",
|
"value": "library",
|
||||||
"expanded": "Library",
|
"expanded": "library",
|
||||||
"description": "Library or list of books"
|
"description": "Library or list of books"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "other-not-illegal",
|
"value": "other-not-illegal",
|
||||||
"expanded": "Other not illegal",
|
"expanded": "otherNotIllegal",
|
||||||
"description": "Material not of interest to law enforcement - e.g. personal sites, Facebook mirrors."
|
"description": "Material not of interest to law enforcement - e.g. personal sites, Facebook mirrors."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "legitimate",
|
"value": "legitimate",
|
||||||
"expanded": "Legitimate",
|
"expanded": "legitimate",
|
||||||
"description": "Legitimate websites"
|
"description": "Legitimate websites"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "chat",
|
"value": "chat",
|
||||||
"expanded": "Chats platforms",
|
"expanded": "chatsPlatforms",
|
||||||
"description": "Chats space or equivalent, which are not forums"
|
"description": "Chats space or equivalent, which are not forums"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "mixer",
|
"value": "mixer",
|
||||||
"expanded": "Mixer",
|
"expanded": "mixer",
|
||||||
"description": "Anonymization tools for crypto-currencies transactions"
|
"description": "Anonymization tools for crypto-currencies transactions"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "mystery-box",
|
"value": "mystery-box",
|
||||||
"expanded": "Mystery-Box",
|
"expanded": "mysteryBox",
|
||||||
"description": "Mystery Box seller"
|
"description": "Mystery Box seller"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "anonymizer",
|
"value": "anonymizer",
|
||||||
"expanded": "Anonymizer",
|
"expanded": "anonymizer",
|
||||||
"description": "Anonymization tools"
|
"description": "Anonymization tools"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "vpn-provider",
|
"value": "vpn-provider",
|
||||||
"expanded": "VPN-Provider",
|
"expanded": "vpnProvider",
|
||||||
"description": "Provides VPN services and related"
|
"description": "Provides VPN services and related"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "email-provider",
|
"value": "email-provider",
|
||||||
"expanded": "EMail-Provider",
|
"expanded": "emailProvider",
|
||||||
"description": "Provides e-mail services and related"
|
"description": "Provides e-mail services and related"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ponies",
|
"value": "ponies",
|
||||||
"expanded": "Ponies",
|
"expanded": "ponies",
|
||||||
"description": "self-explanatory. It's ponies"
|
"description": "self-explanatory. It's ponies"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "games",
|
"value": "games",
|
||||||
"expanded": "Games",
|
"expanded": "games",
|
||||||
"description": "Flash or online games"
|
"description": "Flash or online games"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "parody",
|
"value": "parody",
|
||||||
"expanded": "Parody or Joke",
|
"expanded": "parodyOrJoke",
|
||||||
"description": "Meme, Parody, Jokes, Trolling, ..."
|
"description": "Meme, Parody, Jokes, Trolling, ..."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "whistleblower",
|
"value": "whistleblower",
|
||||||
"expanded": "Whistleblower",
|
"expanded": "whistleblower",
|
||||||
"description": "Exposition and sharing of confidential information with protection of the witness in mind"
|
"description": "Exposition and sharing of confidential information with protection of the witness in mind"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ransomware-group",
|
"value": "ransomware-group",
|
||||||
"expanded": "Ransomware Group",
|
"expanded": "ransomwareGroup",
|
||||||
"description": "Ransomware group PR or leak website"
|
"description": "Ransomware group PR or leak website"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -211,92 +221,92 @@
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "education-training",
|
"value": "education-training",
|
||||||
"expanded": "Education & Training",
|
"expanded": "educationTraining",
|
||||||
"description": "Materials providing instruction - e.g. ‘how to’ guides"
|
"description": "Materials providing instruction - e.g. ‘how to’ guides"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "wiki",
|
"value": "wiki",
|
||||||
"expanded": "Wiki",
|
"expanded": "wiki",
|
||||||
"description": "Wiki pages, documentation and information display"
|
"description": "Wiki pages, documentation and information display"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "forum",
|
"value": "forum",
|
||||||
"expanded": "Forum",
|
"expanded": "forum",
|
||||||
"description": "Sites specifically designed for multiple users to communicate as peers"
|
"description": "Sites specifically designed for multiple users to communicate as peers"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "file-sharing",
|
"value": "file-sharing",
|
||||||
"expanded": "File Sharing",
|
"expanded": "fileSharing",
|
||||||
"description": "General file sharing, typically (but not limited to) movie/image sharing"
|
"description": "General file sharing, typically (but not limited to) movie/image sharing"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "hosting",
|
"value": "hosting",
|
||||||
"expanded": "Hosting",
|
"expanded": "hosting",
|
||||||
"description": "Hosting providers, e-mails, websites, file-storage etc."
|
"description": "Hosting providers, e-mails, websites, file-storage etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ddos-services",
|
"value": "ddos-services",
|
||||||
"expanded": "DDoS-Services",
|
"expanded": "ddosServices",
|
||||||
"description": "Stresser, Booter, DDoSer, DDoS as a Service provider, DDoS tools, etc."
|
"description": "Stresser, Booter, DDoSer, DDoS as a Service provider, DDoS tools, etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "general",
|
"value": "general",
|
||||||
"expanded": "General",
|
"expanded": "general",
|
||||||
"description": "Materials not covered by the other motivations. Typically, materials of a nature not of interest to law enforcement. For example, personal biography sites."
|
"description": "Materials not covered by the other motivations. Typically, materials of a nature not of interest to law enforcement. For example, personal biography sites."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "information-sharing-reportage",
|
"value": "information-sharing-reportage",
|
||||||
"expanded": "Information Sharing/Reportage",
|
"expanded": "InformationSharingReportage",
|
||||||
"description": "Journalism/reporting on topics. Can include biased coverage, but obvious propaganda materials are covered by Recruitment/Advocacy."
|
"description": "Journalism/reporting on topics. Can include biased coverage, but obvious propaganda materials are covered by Recruitment/Advocacy."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "scam",
|
"value": "scam",
|
||||||
"expanded": "Scam",
|
"expanded": "scam",
|
||||||
"description": "Intentional confidence trick to fraud people or group of people"
|
"description": "Intentional confidence trick to fraud people or group of people"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "political-speech",
|
"value": "political-speech",
|
||||||
"expanded": "Political-Speech",
|
"expanded": "politicalSpeech",
|
||||||
"description": "Political, activism, without extremism."
|
"description": "Political, activism, without extremism."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "conspirationist",
|
"value": "conspirationist",
|
||||||
"expanded": "Conspirationist",
|
"expanded": "conspirationist",
|
||||||
"description": "Conspirationist content, fake news, etc."
|
"description": "Conspirationist content, fake news, etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "hate-speech",
|
"value": "hate-speech",
|
||||||
"expanded": "Hate-Speech",
|
"expanded": "hateSpeech",
|
||||||
"description": "Racism, violent, hate... speech."
|
"description": "Racism, violent, hate... speech."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "religious",
|
"value": "religious",
|
||||||
"expanded": "Religious",
|
"expanded": "religious",
|
||||||
"description": "Religious, faith, doctrinal related content."
|
"description": "Religious, faith, doctrinal related content."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "marketplace-for-sale",
|
"value": "marketplace-for-sale",
|
||||||
"expanded": "Marketplace/For Sale",
|
"expanded": "marketplaceForSale",
|
||||||
"description": "Services/goods for sale, regardless of means of payment."
|
"description": "Services/goods for sale, regardless of means of payment."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "smuggling",
|
"value": "smuggling",
|
||||||
"expanded": "Smuggling",
|
"expanded": "smuggling",
|
||||||
"description": "Information or trading of wild animals, prohibited goods, ... "
|
"description": "Information or trading of wild animals, prohibited goods, ... "
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "recruitment-advocacy",
|
"value": "recruitment-advocacy",
|
||||||
"expanded": "Recruitment/Advocacy",
|
"expanded": "recruitmentAdvocacy",
|
||||||
"description": "Propaganda"
|
"description": "Propaganda"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "system-placeholder",
|
"value": "system-placeholder",
|
||||||
"expanded": "System/Placeholder",
|
"expanded": "systemPlaceholder",
|
||||||
"description": "Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2"
|
"description": "Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "unclear",
|
"value": "unclear",
|
||||||
"expanded": "Unclear",
|
"expanded": "unclear",
|
||||||
"description": "Unable to completely establish motivation of material."
|
"description": "Unable to completely establish motivation of material."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -306,55 +316,165 @@
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "incomplete",
|
"value": "incomplete",
|
||||||
"expanded": "Incomplete websites or information",
|
"expanded": "incomplete",
|
||||||
"description": "Websites and pages that are unable to load completely properly"
|
"description": "Websites and pages that are unable to load completely properly"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "captcha",
|
"value": "captcha",
|
||||||
"expanded": "Captcha and Solvers",
|
"expanded": "captcha",
|
||||||
"description": "Captchas and solvers elements"
|
"description": "Captchas and solvers elements"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "login-forms",
|
"value": "login-forms",
|
||||||
"expanded": "Logins forms and gates",
|
"expanded": "loginForms",
|
||||||
"description": "Authentication pages, login page, login forms that block access to an internal part of a website."
|
"description": "Authentication pages, login page, login forms that block access to an internal part of a website."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "contact-forms",
|
"value": "contact-forms",
|
||||||
"expanded": "Contact forms and gates",
|
"expanded": "contactForms",
|
||||||
"description": "Forms to perform a contact request, send an e-mail, fill information, enter a password, ..."
|
"description": "Forms to perform a contact request, send an e-mail, fill information, enter a password, ..."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "encryption-keys",
|
"value": "encryption-keys",
|
||||||
"expanded": "Encryption and decryption keys",
|
"expanded": "encryptionKeys",
|
||||||
"description": "e.g. PGP Keys, passwords, ..."
|
"description": "e.g. PGP Keys, passwords, ..."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "police-notice",
|
"value": "police-notice",
|
||||||
"expanded": "Police Notice",
|
"expanded": "policeNotice",
|
||||||
"description": "Closed websites, with police-equivalent banners"
|
"description": "Closed websites, with police-equivalent banners"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "legal-statement",
|
"value": "legal-statement",
|
||||||
"expanded": "Legal-Statement",
|
"expanded": "legalStatement",
|
||||||
"description": "RGPD statement, Privacy-policy, guidelines of a websites or forum..."
|
"description": "RGPD statement, Privacy-policy, guidelines of a websites or forum..."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "test",
|
"value": "test",
|
||||||
"expanded": "Test",
|
"expanded": "test",
|
||||||
"description": "Test websites without any real consequences or effects"
|
"description": "Test websites without any real consequences or effects"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "videos",
|
"value": "videos",
|
||||||
"expanded": "Videos",
|
"expanded": "videos",
|
||||||
"description": "Videos and streaming"
|
"description": "Videos and streaming"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "unclear",
|
"value": "unclear",
|
||||||
"expanded": "Unclear",
|
"expanded": "unclear",
|
||||||
"description": "Unable to completely establish structure of material."
|
"description": "Unable to completely establish structure of material."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "service",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "url",
|
||||||
|
"expanded": "url",
|
||||||
|
"description": "Uniform Resource Locator (URL) of a dark-web. The url should indicate a protocol (http), a hostname (www.example.com), and a file name (index.html). Example: http://www.example.com/index.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "content-type",
|
||||||
|
"expanded": "contentType",
|
||||||
|
"description": "Content-Type representaton headerused to indicate the original media type of the resource (prior to any content encoding applied for sending). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "path",
|
||||||
|
"expanded": "path",
|
||||||
|
"description": "The URL path is the string of information that comes after the top level domain name "
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "detection-date",
|
||||||
|
"expanded": "detectionDate",
|
||||||
|
"description": "Date in which the dark-web was detected. The date should be in ISO 8601 format. Example: 2019-01-01T00:00:00Z"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "network-protocol",
|
||||||
|
"expanded": "networkProtocol",
|
||||||
|
"description": "Network protocol used to access the dark-web site (e.g., HTTP, HTTPS)"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "port",
|
||||||
|
"expanded": "port",
|
||||||
|
"description": "Port number where the dark-web service is being offered"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "network",
|
||||||
|
"expanded": "network",
|
||||||
|
"description": "Overlay network (darknet) that host the service or content"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "found-at",
|
||||||
|
"expanded": "foundAt",
|
||||||
|
"description": "Domain or service where the dark-web where found at"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "content",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "sha1sum",
|
||||||
|
"expanded": "sha1sum",
|
||||||
|
"description": "SHA-1 (Secure Hash Algorithm 1) hash of the HTML or objectName content"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "sha256sum",
|
||||||
|
"expanded": "sha256sum",
|
||||||
|
"description": "SHA-256 hash of the HTML or objectName content"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ssdeep",
|
||||||
|
"expanded": "ssdeep",
|
||||||
|
"description": "ssdeep fuzzy hash of the HTML or objectName content"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "language",
|
||||||
|
"expanded": "language",
|
||||||
|
"description": "Detected language of the service in ISO 639‑1 Code. Example: en"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "html",
|
||||||
|
"expanded": "html",
|
||||||
|
"description": "HyperText Markup Language (HTML) used in a website"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "css",
|
||||||
|
"expanded": "css",
|
||||||
|
"description": "CSS (Cascading Style Sheets) used in a dark-web site"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "text",
|
||||||
|
"expanded": "text",
|
||||||
|
"description": "Content of the dark-web service without HTML tags"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "page-title",
|
||||||
|
"expanded": "pageTitle",
|
||||||
|
"description": "HTML <title> tag content of a dark-web site"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "phone-number",
|
||||||
|
"expanded": "phoneNumber",
|
||||||
|
"description": "Phone number identified in the dark-web site"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "creditCard",
|
||||||
|
"expanded": "creditCard",
|
||||||
|
"description": "Credit card identified in the dark-web site"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "email",
|
||||||
|
"expanded": "email",
|
||||||
|
"description": "Email address identified in the dark-web site"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "pgp-public-key-block",
|
||||||
|
"expanded": "pgpPublicKeyBlock",
|
||||||
|
"description": "PGP public key block identified in the dark-web site"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{
|
||||||
|
"namespace": "information-origin",
|
||||||
|
"description": "Taxonomy for tagging information by its origin: human-generated or AI-generated.",
|
||||||
|
"version": 2,
|
||||||
|
"predicates": [
|
||||||
|
{
|
||||||
|
"value": "human-generated",
|
||||||
|
"description": "Information that has been generated by a human.",
|
||||||
|
"expanded": "human generated",
|
||||||
|
"colour": "#33FF00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "AI-generated",
|
||||||
|
"description": "Information that has been generated by an AI LLM or similar technologies.",
|
||||||
|
"expanded": "AI generated",
|
||||||
|
"colour": "#FFC000"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "uncertain-origin",
|
||||||
|
"description": "Information for which the origin is uncertain which can be machine or a human.",
|
||||||
|
"expanded": "uncertain origin",
|
||||||
|
"colour": "#FFC000"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -8,6 +8,21 @@
|
||||||
"expanded": "Sectors impacted",
|
"expanded": "Sectors impacted",
|
||||||
"description": "The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services."
|
"description": "The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services."
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"value": "impact-subsectors-impacted",
|
||||||
|
"expanded": "Impact subsectors impacted",
|
||||||
|
"description": "Impact subsectors impacted"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "important-entities",
|
||||||
|
"expanded": "Important entities",
|
||||||
|
"description": "Important entities"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "impact-subsectors-important-entities",
|
||||||
|
"expanded": "Impact subsectors important entities",
|
||||||
|
"description": "Impact subsectors important entities"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "impact-severity",
|
"value": "impact-severity",
|
||||||
"expanded": "Severity of the impact",
|
"expanded": "Severity of the impact",
|
||||||
|
@ -36,21 +51,6 @@
|
||||||
"value": "test",
|
"value": "test",
|
||||||
"expanded": "Test",
|
"expanded": "Test",
|
||||||
"description": "A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored."
|
"description": "A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored."
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "impact-subsectors-important-entities",
|
|
||||||
"expanded": "Impact subsectors important entities",
|
|
||||||
"description": "Impact subsectors important entities"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "important-entities",
|
|
||||||
"expanded": "Important entities",
|
|
||||||
"description": "Important entities"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "impact-subsectors-impacted",
|
|
||||||
"expanded": "Impact subsectors impacted",
|
|
||||||
"description": "Impact subsectors impacted"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"values": [
|
"values": [
|
||||||
|
|
|
@ -437,8 +437,8 @@
|
||||||
"expanded": "Actor Campaigns"
|
"expanded": "Actor Campaigns"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Credential Breaches",
|
"value": "Credential Breach",
|
||||||
"expanded": "Credential Breaches"
|
"expanded": "Credential Breach"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "DDoS",
|
"value": "DDoS",
|
||||||
|
@ -453,41 +453,29 @@
|
||||||
"expanded": "General Notification"
|
"expanded": "General Notification"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "High Impact Vulnerabilities",
|
"value": "Vulnerability",
|
||||||
"expanded": "High Impact Vulnerabilities"
|
"expanded": "Vulnerability"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Information Leakages",
|
"value": "Information Leakages",
|
||||||
"expanded": "Information Leakages"
|
"expanded": "Information Leakages"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Malware Analysis",
|
"value": "Malware",
|
||||||
"expanded": "Malware Analysis"
|
"expanded": "Malware"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Nefarious Domains",
|
"value": "Suspicious Domain",
|
||||||
"expanded": "Nefarious Domains"
|
"expanded": "Suspicious Domain"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Nefarious Forum Mention",
|
"value": "Forum Mention",
|
||||||
"expanded": "Nefarious Forum Mention"
|
"expanded": "Forum Mention"
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "Pastebin Dumps",
|
|
||||||
"expanded": "Pastebin Dumps"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Phishing Attempts",
|
"value": "Phishing Attempts",
|
||||||
"expanded": "Phishing Attempts"
|
"expanded": "Phishing Attempts"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"value": "PII Exposure",
|
|
||||||
"expanded": "PII Exposure"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "Sensitive Information Disclosures",
|
|
||||||
"expanded": "Sensitive Information Disclosures"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"value": "Social Media Alerts",
|
"value": "Social Media Alerts",
|
||||||
"expanded": "Social Media Alerts"
|
"expanded": "Social Media Alerts"
|
||||||
|
@ -501,12 +489,28 @@
|
||||||
"expanded": "Technical Exposure"
|
"expanded": "Technical Exposure"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Threat Actor Updates",
|
"value": "Threat Actor Update",
|
||||||
"expanded": "Threat Actor Updates"
|
"expanded": "Threat Actor Update"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Trigger Events",
|
"value": "Direct Targeting ",
|
||||||
"expanded": "Trigger Events"
|
"expanded": "Direct Targeting "
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Protest Activity",
|
||||||
|
"expanded": "Protest Activity"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Violent Event",
|
||||||
|
"expanded": "Violent Event"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Strategic Event",
|
||||||
|
"expanded": "Strategic Event"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Insider Threat",
|
||||||
|
"expanded": "Insider Threat"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"namespace": "workflow",
|
"namespace": "workflow",
|
||||||
"expanded": "workflow to support analysis",
|
"expanded": "workflow to support analysis",
|
||||||
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
|
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
|
||||||
"version": 11,
|
"version": 12,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "todo",
|
"value": "todo",
|
||||||
|
@ -132,6 +132,10 @@
|
||||||
{
|
{
|
||||||
"value": "rejected",
|
"value": "rejected",
|
||||||
"expanded": "Analyst rejected the process. The object will not reach state of completeness."
|
"expanded": "Analyst rejected the process. The object will not reach state of completeness."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "release",
|
||||||
|
"expanded": "Analyst approved the information to be released. Like a MISP event to be released and published."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue