From 8ec5e5995c1cd516e3817ae655073b49c2a9a5d6 Mon Sep 17 00:00:00 2001
From: makflwana
Date: Fri, 25 May 2018 09:38:17 +1000
Subject: [PATCH] Updated MAEC 5.0 malware capabilties
---
 maec-malware-capabilities/machinetag.json | 298 ++++++++++++++++++++++
 1 file changed, 298 insertions(+)
 create mode 100644 maec-malware-capabilities/machinetag.json
diff --git a/maec-malware-capabilities/machinetag.json b/maec-malware-capabilities/machinetag.json
new file mode 100644
index 0000000..a1b4cd1
--- /dev/null
+++ b/maec-malware-capabilities/machinetag.json
@@ -0,0 +1,298 @@
+{
+ "namespace": "MAEC Malware Capabilities",
+ "description": "Malware Capabilities based on MAEC 5.0",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "maec-malware-capability",
+ "expanded": "MAEC Malware capability"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "maec-malware-capability",
+ "entry": [
+ {
+ "value": "anti-behavioral-analysis",
+ "expanded": "anti-behavioral-analysis"
+ },
+ {
+ "value": "anti-code-analysis",
+ "expanded": "anti-code-analysis"
+ },
+ {
+ "value": "anti-detection",
+ "expanded": "anti-detection"
+ },
+ {
+ "value": "anti-removal",
+ "expanded": "anti-removal"
+ },
+ {
+ "value": "availability-violation",
+ "expanded": "availability-violation"
+ },
+ {
+ "value": "collection",
+ "expanded": "collection"
+ },
+ {
+ "value": "command-and-control",
+ "expanded": "command-and-control"
+ },
+ {
+ "value": "data-theft",
+ "expanded": "data-theft"
+ },
+ {
+ "value": "destruction",
+ "expanded": "destruction"
+ },
+ {
+ "value": "discovery",
+ "expanded": "discovery"
+ },
+ {
+ "value": "exfiltration",
+ "expanded": "exfiltration"
+ },
+ {
+ "value": "fraud",
+ "expanded": "fraud"
+ },
+ {
+ "value": "infection-propagation",
+ "expanded": "infection-propagation"
+ },
+ {
+ "value": "integrity-violation",
+ "expanded": "integrity-violationk"
+ },
+ {
+ "value": "machine-access-control",
+ "expanded": "machine-access-control"
+ },
+ {
+ "value": "persistence",
+ "expanded": "persistence"
+ },
+ {
+ "value": "privilege-escalation",
+ "expanded": "privilege-escalation"
+ },
+ {
+ "value": "secondary-operation",
+ "expanded": "secondary-operation"
+ },
+ {
+ "value": "security-degradation",
+ "expanded": "security-degradation"
+ },
+ {
+ "value": "access-control-degradation",
+ "expanded": "access-control-degradation"
+ },
+ {
+ "value": "security-degradation",
+ "expanded": "security-degradation"
+ },
+ {
+ "value": "anti-debugging",
+ "expanded": "anti-debugging"
+ },
+ {
+ "value": "anti-disassembly",
+ "expanded": "anti-disassembly"
+ },
+ {
+ "value": "anti-emulation",
+ "expanded": "anti-emulation"
+ },
+ {
+ "value": "anti-memory-forensics",
+ "expanded": "anti-memory-forensics"
+ },
+ {
+ "value": "anti-sandbox",
+ "expanded": "anti-sandbox"
+ },
+ {
+ "value": "anti-virus-evasion",
+ "expanded": "anti-virus-evasion"
+ },
+ {
+ "value": "anti-vm",
+ "expanded": "anti-vm"
+ },
+ {
+ "value": "authentication-credentials-theft",
+ "expanded": "authentication-credentials-theft"
+ },
+ {
+ "value": "clean-traces-of-infection",
+ "expanded": "clean-traces-of-infection"
+ },
+ {
+ "value": "communicate-with-c2-server",
+ "expanded": "communicate-with-c2-servern"
+ },
+ {
+ "value": "compromise-data-availability",
+ "expanded": "compromise-data-availability"
+ },
+ {
+ "value": "compromise-system-availability",
+ "expanded": "compromise-system-availability"
+ },
+ {
+ "value": "consume-system-resources",
+ "expanded": "consume-system-resources"
+ },
+ {
+ "value": "continuous-execution",
+ "expanded": "continuous-execution"
+ },
+ {
+ "value": "data-integrity-violation",
+ "expanded": "data-integrity-violation"
+ },
+ {
+ "value": "data-obfuscation",
+ "expanded": "data-obfuscation"
+ },
+ {
+ "value": "data-staging",
+ "expanded": "data-staging"
+ },
+ {
+ "value": "determine-c2-server",
+ "expanded": "determine-c2-server"
+ },
+ {
+ "value": "email-spam",
+ "expanded": "email-spam"
+ },
+ {
+ "value": "ensure-compatibility",
+ "expanded": "ensure-compatibility"
+ },
+ {
+ "value": "environment-awareness",
+ "expanded": "environment-awareness"
+ },
+ {
+ "value": "file-infection",
+ "expanded": "file-infection"
+ },
+ {
+ "value": "hide-artifacts",
+ "expanded": "hide-artifacts"
+ },
+ {
+ "value": "hide-executing-code",
+ "expanded": "hide-executing-code"
+ },
+ {
+ "value": "hide-non-executing-code",
+ "expanded": "hide-non-executing-code"
+ },
+ {
+ "value": "host-configuration-probing",
+ "expanded": "host-configuration-probing"
+ },
+ {
+ "value": "information-gathering-for-improvement",
+ "expanded": "information-gathering-for-improvement"
+ },
+ {
+ "value": "input-peripheral-capture",
+ "expanded": "input-peripheral-capture"
+ },
+ {
+ "value": "install-other-components",
+ "expanded": "install-other-components"
+ },
+ {
+ "value": "local-machine-control",
+ "expanded": "local-machine-control"
+ },
+ {
+ "value": "network-environment-probing",
+ "expanded": "network-environment-probing"
+ },
+ {
+ "value": "os-security-feature-degradation",
+ "expanded": "os-security-feature-degradation"
+ },
+ {
+ "value": "output-peripheral-capture",
+ "expanded": "output-peripheral-capture"
+ },
+ {
+ "value": "physical-entity-destruction",
+ "expanded": "physical-entity-destruction"
+ },
+ {
+ "value": "prevent-artifact-access",
+ "expanded": "prevent-artifact-access"
+ },
+ {
+ "value": "prevent-artifact-deletion",
+ "expanded": "prevent-artifact-deletion"
+ },
+ {
+ "value": "remote-machine-access",
+ "expanded": "remote-machine-access"
+ },
+ {
+ "value": "security-software-degradation",
+ "expanded": "security-software-degradation"
+ },
+ {
+ "value": "security-software-evasion",
+ "expanded": "security-software-evasion"
+ },
+ {
+ "value": "self-modification",
+ "expanded": "self-modification"
+ },
+ {
+ "value": "service-provider-security-feature-degradation",
+ "expanded": "service-provider-security-feature-degradation"
+ },
+ {
+ "value": "stored-information-theft",
+ "expanded": "stored-information-theft"
+ },
+ {
+ "value": "system-interface-data-capture",
+ "expanded": "system-interface-data-capture"
+ },
+ {
+ "value": "system-operational-integrity-violation",
+ "expanded": "system-operational-integrity-violation"
+ },
+ {
+ "value": "system-re-infection",
+ "expanded": "system-re-infection"
+ },
+ {
+ "value": "system-state-data-capture",
+ "expanded": "system-state-data-capture"
+ },
+ {
+ "value": "system-update-degradation",
+ "expanded": "system-update-degradation"
+ },
+ {
+ "value": "user-data-theft",
+ "expanded": "user-data-theft"
+ },
+ {
+ "value": "virtual-entity-destruction",
+ "expanded": "virtual-entity-destruction"
+ }
+ ],
+ }
+ ]
+}