From 7258275fc0eaca278c8c111893754840c52d3845 Mon Sep 17 00:00:00 2001
From: matthijsvp <matthijs.v.polen@northwave.nl>
Date: Fri, 11 Feb 2022 07:40:34 +0100
Subject: [PATCH] Initial commit, adding first two roles.

---
 ransomware-roles/machinetag.json | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 ransomware-roles/machinetag.json

diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json
new file mode 100644
index 0000000..fece729
--- /dev/null
+++ b/ransomware-roles/machinetag.json
@@ -0,0 +1,21 @@
+{
+  "namespace": "ransomware-roles",
+  "expanded": "Ransomware Actor Roles",
+  "description": "The seven roles seen in most ransomware incidents.",
+  "refs": [
+    "[TODO NIEUWSUUR]"
+  ],
+  "version": 1,
+  "predicates": [
+    {
+      "value": "1 - Initial Access Brokers",
+      "expanded": "1 - Initial Access Brokers",
+      "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor."
+    },
+    {
+      "value": "2 - Ransomware Affiliates",
+      "expanded": "2 - Ransomware Affiliates",
+      "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed."
+    }
+  ]
+}