chg: [threatmatch*] jq all the things

pull/206/head
Alexandre Dulaunoy 2020-08-20 13:45:23 +02:00
parent 5a3e3c1c11
commit 92f1f72c3e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
4 changed files with 475 additions and 476 deletions


@ -7,7 +7,7 @@
"https://www.secalliance.com/platform/", "https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
], ],
"predicates":[ "predicates": [
{ {
"value": "alert_type", "value": "alert_type",
"expanded": "Alert type" "expanded": "Alert type"
@ -15,85 +15,85 @@
], ],
"values": [ "values": [
{ {
"predicate": "alert_type", "predicate": "alert_type",
"entry": [ "entry": [
{ {
"value": "Actor Campaigns", "value": "Actor Campaigns",
"expanded": "Actor Campaigns" "expanded": "Actor Campaigns"
}, },
{ {
"value": "Credential Breaches", "value": "Credential Breaches",
"expanded": "Credential Breaches" "expanded": "Credential Breaches"
}, },
{ {
"value": "DDoS", "value": "DDoS",
"expanded": "DDoS" "expanded": "DDoS"
}, },
{ {
"value": "Exploit Alert", "value": "Exploit Alert",
"expanded": "Exploit Alert" "expanded": "Exploit Alert"
}, },
{ {
"value": "General Notification", "value": "General Notification",
"expanded": "General Notification" "expanded": "General Notification"
}, },
{ {
"value": "High Impact Vulnerabilities", "value": "High Impact Vulnerabilities",
"expanded": "High Impact Vulnerabilities" "expanded": "High Impact Vulnerabilities"
}, },
{ {
"value": "Information Leakages", "value": "Information Leakages",
"expanded": "Information Leakages" "expanded": "Information Leakages"
}, },
{ {
"value": "Malware Analysis", "value": "Malware Analysis",
"expanded": "Malware Analysis" "expanded": "Malware Analysis"
}, },
{ {
"value": "Nefarious Domains", "value": "Nefarious Domains",
"expanded": "Nefarious Domains" "expanded": "Nefarious Domains"
}, },
{ {
"value": "Nefarious Forum Mention", "value": "Nefarious Forum Mention",
"expanded": "Nefarious Forum Mention" "expanded": "Nefarious Forum Mention"
}, },
{ {
"value": "Pastebin Dumps", "value": "Pastebin Dumps",
"expanded": "Pastebin Dumps" "expanded": "Pastebin Dumps"
}, },
{ {
"value": "Phishing Attempts", "value": "Phishing Attempts",
"expanded": "Phishing Attempts" "expanded": "Phishing Attempts"
}, },
{ {
"value": "PII Exposure", "value": "PII Exposure",
"expanded": "PII Exposure" "expanded": "PII Exposure"
}, },
{ {
"value": "Sensitive Information Disclosures", "value": "Sensitive Information Disclosures",
"expanded": "Sensitive Information Disclosures" "expanded": "Sensitive Information Disclosures"
}, },
{ {
"value": "Social Media Alerts", "value": "Social Media Alerts",
"expanded": "Social Media Alerts" "expanded": "Social Media Alerts"
}, },
{ {
"value": "Supply Chain Event", "value": "Supply Chain Event",
"expanded": "Supply Chain Event" "expanded": "Supply Chain Event"
}, },
{ {
"value": "Technical Exposure", "value": "Technical Exposure",
"expanded": "Technical Exposure" "expanded": "Technical Exposure"
}, },
{ {
"value": "Threat Actor Updates", "value": "Threat Actor Updates",
"expanded": "Threat Actor Updates" "expanded": "Threat Actor Updates"
}, },
{ {
"value": "Trigger Events", "value": "Trigger Events",
"expanded": "Trigger Events" "expanded": "Trigger Events"
} }
] ]
} }
] ]
} }


@ -7,7 +7,7 @@
"https://www.secalliance.com/platform/", "https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
], ],
"predicates":[ "predicates": [
{ {
"value": "incident_type", "value": "incident_type",
"expanded": "Threat Match incident types" "expanded": "Threat Match incident types"
@ -17,159 +17,159 @@
{ {
"predicate": "incident_type", "predicate": "incident_type",
"entry": [ "entry": [
{ {
"value": "ATM Attacks", "value": "ATM Attacks",
"expanded": "ATM Attacks" "expanded": "ATM Attacks"
}, },
{ {
"value": "ATM Breach", "value": "ATM Breach",
"expanded": "ATM Breach" "expanded": "ATM Breach"
}, },
{ {
"value": "Attempted Exploitation", "value": "Attempted Exploitation",
"expanded": "Attempted Exploitation" "expanded": "Attempted Exploitation"
}, },
{ {
"value": "Botnet Activity", "value": "Botnet Activity",
"expanded": "Botnet Activity" "expanded": "Botnet Activity"
}, },
{ {
"value": "Business Email Compromise", "value": "Business Email Compromise",
"expanded": "Business Email Compromise" "expanded": "Business Email Compromise"
}, },
{ {
"value": "Crypto Mining", "value": "Crypto Mining",
"expanded": "Crypto Mining" "expanded": "Crypto Mining"
}, },
{ {
"value": "Data Breach/Compromise", "value": "Data Breach/Compromise",
"expanded": "Data Breach/Compromise" "expanded": "Data Breach/Compromise"
}, },
{ {
"value": "Data Dump", "value": "Data Dump",
"expanded": "Data Dump" "expanded": "Data Dump"
}, },
{ {
"value": "Data Leakage", "value": "Data Leakage",
"expanded": "Data Leakage" "expanded": "Data Leakage"
}, },
{ {
"value": "DDoS", "value": "DDoS",
"expanded": "DDoS" "expanded": "DDoS"
}, },
{ {
"value": "Defacement Activity", "value": "Defacement Activity",
"expanded": "Defacement Activity" "expanded": "Defacement Activity"
}, },
{ {
"value": "Denial of Service (DoS)", "value": "Denial of Service (DoS)",
"expanded": "Denial of Service (DoS)" "expanded": "Denial of Service (DoS)"
}, },
{ {
"value": "Disruption Activity", "value": "Disruption Activity",
"expanded": "Disruption Activity" "expanded": "Disruption Activity"
}, },
{ {
"value": "Espionage", "value": "Espionage",
"expanded": "Espionage" "expanded": "Espionage"
}, },
{ {
"value": "Espionage Activity", "value": "Espionage Activity",
"expanded": "Espionage Activity" "expanded": "Espionage Activity"
}, },
{ {
"value": "Exec Targeting ", "value": "Exec Targeting ",
"expanded": "Exec Targeting " "expanded": "Exec Targeting "
}, },
{ {
"value": "Exposure of Data", "value": "Exposure of Data",
"expanded": "Exposure of Data" "expanded": "Exposure of Data"
}, },
{ {
"value": "Extortion Activity", "value": "Extortion Activity",
"expanded": "Extortion Activity" "expanded": "Extortion Activity"
}, },
{ {
"value": "Fraud Activity", "value": "Fraud Activity",
"expanded": "Fraud Activity" "expanded": "Fraud Activity"
}, },
{ {
"value": "General Notification", "value": "General Notification",
"expanded": "General Notification" "expanded": "General Notification"
}, },
{ {
"value": "Hacktivism Activity", "value": "Hacktivism Activity",
"expanded": "Hacktivism Activity" "expanded": "Hacktivism Activity"
}, },
{ {
"value": "Malicious Insider", "value": "Malicious Insider",
"expanded": "Malicious Insider" "expanded": "Malicious Insider"
}, },
{ {
"value": "Malware Infection", "value": "Malware Infection",
"expanded": "Malware Infection" "expanded": "Malware Infection"
}, },
{ {
"value": "Man in the Middle Attacks", "value": "Man in the Middle Attacks",
"expanded": "Man in the Middle Attacks" "expanded": "Man in the Middle Attacks"
}, },
{ {
"value": "MFA Attack", "value": "MFA Attack",
"expanded": "MFA Attack" "expanded": "MFA Attack"
}, },
{ {
"value": "Mobile Malware", "value": "Mobile Malware",
"expanded": "Mobile Malware" "expanded": "Mobile Malware"
}, },
{ {
"value": "Phishing Activity", "value": "Phishing Activity",
"expanded": "Phishing Activity" "expanded": "Phishing Activity"
}, },
{ {
"value": "Ransomware Activity", "value": "Ransomware Activity",
"expanded": "Ransomware Activity" "expanded": "Ransomware Activity"
}, },
{ {
"value": "Social Engineering Activity", "value": "Social Engineering Activity",
"expanded": "Social Engineering Activity" "expanded": "Social Engineering Activity"
}, },
{ {
"value": "Social Media Compromise", "value": "Social Media Compromise",
"expanded": "Social Media Compromise" "expanded": "Social Media Compromise"
}, },
{ {
"value": "Spear-phishing Activity", "value": "Spear-phishing Activity",
"expanded": "Spear-phishing Activity" "expanded": "Spear-phishing Activity"
}, },
{ {
"value": "Spyware", "value": "Spyware",
"expanded": "Spyware" "expanded": "Spyware"
}, },
{ {
"value": "SQL Injection Activity", "value": "SQL Injection Activity",
"expanded": "SQL Injection Activity" "expanded": "SQL Injection Activity"
}, },
{ {
"value": "Supply Chain Compromise", "value": "Supply Chain Compromise",
"expanded": "Supply Chain Compromise" "expanded": "Supply Chain Compromise"
}, },
{ {
"value": "Trojanised Software", "value": "Trojanised Software",
"expanded": "Trojanised Software" "expanded": "Trojanised Software"
}, },
{ {
"value": "Vishing", "value": "Vishing",
"expanded": "Vishing" "expanded": "Vishing"
}, },
{ {
"value": "Website Attack (Other)", "value": "Website Attack (Other)",
"expanded": "Website Attack (Other)" "expanded": "Website Attack (Other)"
}, },
{ {
"value": "Unknown", "value": "Unknown",
"expanded": "Unknown" "expanded": "Unknown"
} }
] ]
} }
] ]
} }
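Review bot: The entry `"value": "Exec Targeting "` still carries a trailing space inside the string on the new side, and `"expanded": "Exec Targeting "` does too. jq only normalises whitespace outside string literals, so this formatting pass leaves it in place. Any tag presumably derived from this value would then fail an exact-match comparison against `Exec Targeting` in filters or correlation rules. I would trim both to `"value": "Exec Targeting",` and `"expanded": "Exec Targeting"`; the malware-type section has the same stray space in `"expanded": "Virus "`. Trimming the `value` changes the identifier, so data already labelled with the old string may need re-tagging; the consumers are not visible on this page.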


@ -7,7 +7,7 @@
"https://www.secalliance.com/platform/", "https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
], ],
"predicates":[ "predicates": [
{ {
"value": "malware_type", "value": "malware_type",
"expanded": "Malware type" "expanded": "Malware type"
@ -17,100 +17,99 @@
{ {
"predicate": "malware_type", "predicate": "malware_type",
"entry": [ "entry": [
{ {
"value": "Adware", "value": "Adware",
"expanded": "Adware" "expanded": "Adware"
}, },
{ {
"value": "Backdoor", "value": "Backdoor",
"expanded": "Backdoor" "expanded": "Backdoor"
}, },
{ {
"value": "Banking Trojan", "value": "Banking Trojan",
"expanded": "Banking Trojan" "expanded": "Banking Trojan"
}, },
{ {
"value": "Botnet", "value": "Botnet",
"expanded": "Botnet" "expanded": "Botnet"
}, },
{ {
"value": "Destructive", "value": "Destructive",
"expanded": "Destructive" "expanded": "Destructive"
}, },
{ {
"value": "Downloader", "value": "Downloader",
"expanded": "Downloader" "expanded": "Downloader"
}, },
{ {
"value": "Exploit Kit", "value": "Exploit Kit",
"expanded": "Exploit Kit" "expanded": "Exploit Kit"
}, },
{ {
"value": "Fileless Malware", "value": "Fileless Malware",
"expanded": "Fileless Malware" "expanded": "Fileless Malware"
}, },
{ {
"value": "Keylogger", "value": "Keylogger",
"expanded": "Keylogger" "expanded": "Keylogger"
}, },
{ {
"value": "Legitimate Tool", "value": "Legitimate Tool",
"expanded": "Legitimate Tool" "expanded": "Legitimate Tool"
}, },
{ {
"value": "Mobile Application", "value": "Mobile Application",
"expanded": "Mobile Application" "expanded": "Mobile Application"
}, },
{ {
"value": "Mobile Malware", "value": "Mobile Malware",
"expanded": "Mobile Malware" "expanded": "Mobile Malware"
}, },
{ {
"value": "Point-of-Sale (PoS)", "value": "Point-of-Sale (PoS)",
"expanded": "Point-of-Sale (PoS)" "expanded": "Point-of-Sale (PoS)"
}, },
{ {
"value": "Remote Access Trojan", "value": "Remote Access Trojan",
"expanded": "Remote Access Trojan" "expanded": "Remote Access Trojan"
}, },
{ {
"value": "Rootkit", "value": "Rootkit",
"expanded": "Rootkit" "expanded": "Rootkit"
}, },
{ {
"value": "Skimmer", "value": "Skimmer",
"expanded": "Skimmer" "expanded": "Skimmer"
}, },
{ {
"value": "Spyware", "value": "Spyware",
"expanded": "Spyware" "expanded": "Spyware"
}, },
{ {
"value": "Surveillance Tool", "value": "Surveillance Tool",
"expanded": "Surveillance Tool" "expanded": "Surveillance Tool"
}, },
{ {
"value": "Trojan", "value": "Trojan",
"expanded": "Trojan" "expanded": "Trojan"
}, },
{ {
"value": "Virus", "value": "Virus",
"expanded": "Virus " "expanded": "Virus "
}, },
{ {
"value": "Worm", "value": "Worm",
"expanded": "Worm" "expanded": "Worm"
}, },
{ {
"value": "Zero-day", "value": "Zero-day",
"expanded": "Zero-day" "expanded": "Zero-day"
}, },
{ {
"value": "Unknown", "value": "Unknown",
"expanded": "Unknown" "expanded": "Unknown"
} }
] ]
} }
] ]
}
}


@ -7,7 +7,7 @@
"https://www.secalliance.com/platform/", "https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
], ],
"predicates":[ "predicates": [
{ {
"value": "sector", "value": "sector",
"expanded": "Threat Match sector definitions" "expanded": "Threat Match sector definitions"
@ -17,150 +17,150 @@
{ {
"predicate": "sector", "predicate": "sector",
"entry": [ "entry": [
{ {
"value": "Banking & Capital Markets", "value": "Banking & Capital Markets",
"expanded": "Banking & capital markets" "expanded": "Banking & capital markets"
}, },
{ {
"value": "Financial Services", "value": "Financial Services",
"expanded": "Financial Services" "expanded": "Financial Services"
}, },
{ {
"value": "Insurance", "value": "Insurance",
"expanded": "Insurance" "expanded": "Insurance"
}, },
{ {
"value": "Pension", "value": "Pension",
"expanded": "Pension" "expanded": "Pension"
}, },
{ {
"value": "Government & Public Service", "value": "Government & Public Service",
"expanded": "Government & Public Service" "expanded": "Government & Public Service"
}, },
{ {
"value": "Diplomatic Services", "value": "Diplomatic Services",
"expanded": "Diplomatic Services" "expanded": "Diplomatic Services"
}, },
{ {
"value": "Energy, Utilities & Mining", "value": "Energy, Utilities & Mining",
"expanded": "Energy, Utilities & Mining" "expanded": "Energy, Utilities & Mining"
}, },
{ {
"value": "Telecommunications", "value": "Telecommunications",
"expanded": "Telecommunications" "expanded": "Telecommunications"
}, },
{ {
"value": "Technology", "value": "Technology",
"expanded": "Technology" "expanded": "Technology"
}, },
{ {
"value": "Academic/Research Institutes", "value": "Academic/Research Institutes",
"expanded": "Academic/Research Institutes" "expanded": "Academic/Research Institutes"
}, },
{ {
"value": "Aerospace, Defence & Security", "value": "Aerospace, Defence & Security",
"expanded": "Aerospace, Defence & Security" "expanded": "Aerospace, Defence & Security"
}, },
{ {
"value": "Agriculture", "value": "Agriculture",
"expanded": "Agriculture" "expanded": "Agriculture"
}, },
{ {
"value": "Asset & Wealth Management", "value": "Asset & Wealth Management",
"expanded": "Asset & Wealth Management" "expanded": "Asset & Wealth Management"
}, },
{ {
"value": "Automotive", "value": "Automotive",
"expanded": "Automotive" "expanded": "Automotive"
}, },
{ {
"value": "Business and Professional Services", "value": "Business and Professional Services",
"expanded": "Business and Professional Services" "expanded": "Business and Professional Services"
}, },
{ {
"value": "Capital Projects & Infrastructure", "value": "Capital Projects & Infrastructure",
"expanded": "Capital Projects & Infrastructure" "expanded": "Capital Projects & Infrastructure"
}, },
{ {
"value": "Charity/Not-for-Profit", "value": "Charity/Not-for-Profit",
"expanded": "Charity/Not-for-Profit" "expanded": "Charity/Not-for-Profit"
}, },
{ {
"value": "Chemicals", "value": "Chemicals",
"expanded": "Chemicals" "expanded": "Chemicals"
}, },
{ {
"value": "Commercial Aviation", "value": "Commercial Aviation",
"expanded": "Commercial Aviation" "expanded": "Commercial Aviation"
}, },
{ {
"value": "Commodities", "value": "Commodities",
"expanded": "Commodities" "expanded": "Commodities"
}, },
{ {
"value": "Education", "value": "Education",
"expanded": "Education" "expanded": "Education"
}, },
{ {
"value": "Engineering & Construction", "value": "Engineering & Construction",
"expanded": "Engineering & Construction" "expanded": "Engineering & Construction"
}, },
{ {
"value": "Entertainment & Media", "value": "Entertainment & Media",
"expanded": "Entertainment & Media" "expanded": "Entertainment & Media"
}, },
{ {
"value": "Forest, Paper & Packaging", "value": "Forest, Paper & Packaging",
"expanded": "Forest, Paper & Packaging" "expanded": "Forest, Paper & Packaging"
}, },
{ {
"value": "Healthcare", "value": "Healthcare",
"expanded": "Healthcare" "expanded": "Healthcare"
}, },
{ {
"value": "Hospitality & Leisure", "value": "Hospitality & Leisure",
"expanded": "Hospitality & Leisure" "expanded": "Hospitality & Leisure"
}, },
{ {
"value": "Industrial Manufacturing", "value": "Industrial Manufacturing",
"expanded": "Industrial Manufacturing" "expanded": "Industrial Manufacturing"
}, },
{ {
"value": "IT Industry", "value": "IT Industry",
"expanded": "IT Industry" "expanded": "IT Industry"
}, },
{ {
"value": "Legal", "value": "Legal",
"expanded": "Legal" "expanded": "Legal"
}, },
{ {
"value": "Metals", "value": "Metals",
"expanded": "Metals" "expanded": "Metals"
}, },
{ {
"value": "Pharmaceuticals & Life Sciences", "value": "Pharmaceuticals & Life Sciences",
"expanded": "Pharmaceuticals & Life Sciences" "expanded": "Pharmaceuticals & Life Sciences"
}, },
{ {
"value": "Private Equity", "value": "Private Equity",
"expanded": "Private Equity" "expanded": "Private Equity"
}, },
{ {
"value": "Retail & Consumer", "value": "Retail & Consumer",
"expanded": "Retail & Consumer" "expanded": "Retail & Consumer"
}, },
{ {
"value": "Semiconductors", "value": "Semiconductors",
"expanded": "Semiconductors" "expanded": "Semiconductors"
}, },
{ {
"value": "Sovereign Investment Funds", "value": "Sovereign Investment Funds",
"expanded": "Sovereign Investment Funds" "expanded": "Sovereign Investment Funds"
}, },
{ {
"value": "Transport & Logistics", "value": "Transport & Logistics",
"expanded": "Transport & Logistics" "expanded": "Transport & Logistics"
} }
] ]
} }
] ]