MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Update GrayZone to version 3.1 

Update GrayZone to version 3.1
pull/283/head
th3r3d 2024-08-16 15:24:15 +02:00 committed by GitHub
parent 805b19e65d
commit 8c59781e4a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 40 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
GrayZone/machinetag.json
View File

@ -1,7 +1,7 @@
{ {
"namespace": "GrayZone", "namespace": "GrayZone",
"description": "Gray Zone of Active defense includes all elements which lay between reactive defense elements and offensive operations. It does fill the gray spot between them. Taxo may be used for active defense planning or modeling.", "description": "Gray Zone of Active defense includes all elements which lay between reactive defense elements and offensive operations. It does fill the gray spot between them. Taxo may be used for active defense planning or modeling.",
"version": 3, "version": 3.1,
"predicates": [ "predicates": [
{ {
"value": "Adversary Emulation", "value": "Adversary Emulation",
@ -24,12 +24,8 @@
"expanded": "Tarpits, Sandboxes and Honeypots" "expanded": "Tarpits, Sandboxes and Honeypots"
}, },
{ {
"value": "Threat Intelligence", "value": "Intelligence and Counterintelligence",
"expanded": "Threat Intelligence" "expanded": "Intelligence and Counterintelligence"
},
{
"value": "Threat Hunting",
"expanded": "Threat Hunting"
}, },
{ {
"value": "Adversary Takedowns", "value": "Adversary Takedowns",
@ -126,11 +122,6 @@
"value": "CounterDeception", "value": "CounterDeception",
"expanded": "Answer to deception", "expanded": "Answer to deception",
"description": "Answer to deception from adversary is counter-deception, for example: answer to phish with shadow user account to uncover next adversary actions" "description": "Answer to deception from adversary is counter-deception, for example: answer to phish with shadow user account to uncover next adversary actions"
},
{
"value": "Counter-Deception",
"expanded": "Active counterdeception",
"description": "Answer to adversary deception and his tactical goals, example: if You know the adversary goal(extraction) You can plant documents with fake content to enable damage on adversary sources (fake blueprints of engine, which explode on purpose)"
} }
] ]
}, },
@ -155,37 +146,52 @@
] ]
}, },
{ {
"predicate": "Threat Intelligence", "predicate": "Intelligence and Counterintelligence",
"entry": [ "entry": [
{ {
"value": "Passive - OSINT", "value": "Intel Passive",
"expanded": "OpenSourceINTelligence", "expanded": "Passive gathering, managing etc. of threat intelligence. Ie. getting data from public, available resources",
"description": "Use of OSINT for creating of Threat Intelligence" "description": "Getting threat intel from open and publicly available resources"
}, },
{ {
"value": "Passive - platforms", "value": "Intel Active",
"expanded": "Platforms for TI", "expanded": "Active or proactive intel gathering, collecting etc. Ie. closed resources as private forums, gossip ...",
"description": "Save, share and collaborate on threat intelligence platforms" "description": "Getting threat intel from closed resources or trusted parties as private chats or exploitation of groups etc."
}, },
{ {
"value": "Counter-Intelligence public", "value": "Counterintel Defensive",
"expanded": "Counter Intelligence", "expanded": "Includes subcategories as Deterrence and Detection ",
"description": "Active retrieval of Threat Intelligence for purpose of defense collected with available public resources - example: active monitoring of web services to uncover action before happen (forum hacktivist group)" "description": "Focuses on detecting and neutralizing adversary efforts to compromise or exploit digital systems."
}, },
{ {
"value": "Counter-Intelligence government", "value": "Counterintel Defensive - Deterrence",
"expanded": "Counter Intelligence", "expanded": "Deterrende in cyber space as part of strategy",
"description": "Active retrieval of Threat Intelligence for purpose of defense collected with non-public resources - example: cooperation between secret services in EU" "description": "Aims to discourage adversary actions by demonstrating strong protective measures and potential consequences."
} },
]
},
{
"predicate": "Threat Hunting",
"entry": [
{ {
"value": "Threat Hunting", "value": "Counterintel Defensive - Detection",
"expanded": "Threat Hunting", "expanded": "Detection Engineering",
"description": "Threat Hunting is the activity of active search for possible signs of adversary in environment" "description": "Ideally focuses on identifying and exposing adversary activities before they can cause harm."
},
{
"value": "Counterintel Offensive",
"expanded": "Includes subcategories as Detection, Deception and Neutralization",
"description": "Involves actively disrupting or deceiving adversary intelligence operations to gain strategic advantage"
},
{
"value": "Counterintel Offensive - Detection",
"expanded": "Detect operations of adversary before they reach friendly environment",
"description": "Detection involves actively identifying and exposing adversary cyber operations to disrupt their efforts."
},
{
"value": "Counterintel Offensive - Deception",
"expanded": "Creating deception campaigns, fake accounts, penetrating adversary communication with use of deception...",
"description": "Uses false information and tactics to mislead and confuse adversaries in their cyber operations."
},
{
"value": "Counterintel Offensive - Neutralization",
"expanded": "Adversary disruption as influence operation, environment disturbance to prevent adversary operations...",
"description": "Neutralization aims to disrupt and eliminate adversary cyber threats before they can inflict damage."
} }
] ]
}, },