From 99843c03e690458b74827f701e260fc33c76e1a5 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 31 Jan 2019 16:35:55 +0100
Subject: [PATCH] add cryptocurrency threat taxonomy, based on CipherTrace report
---
 README.md | 1 +
 cryptocurrency-threat/machinetag.json | 50 +++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 cryptocurrency-threat/machinetag.json
diff --git a/README.md b/README.md
index ad70d01..2ac1bba 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ The following taxonomies are described:
 - CIRCL [Taxonomy - Schemes of Classification in Incident Response and Detection](./circl)
 - [The CSSA agreed sharing taxonomy](./cssa)
 - [Collaborative intelligence](./collaborative-intelligence) - Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later.
+- [Cryptocurrency Threat](./cryptocurrency-threat) - Threats targetting cryptocurrency, based on CipherTrace report.
 - [Cyber Kill Chain](./kill-chain) from Lockheed Martin
 - [The Cyber Threat Framework](./cyber-threat-framework) was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries.
 - DE German (DE) [Government classification markings (VS)](./de-vs)
diff --git a/cryptocurrency-threat/machinetag.json b/cryptocurrency-threat/machinetag.json
new file mode 100644
index 0000000..10ade27
--- /dev/null
+++ b/cryptocurrency-threat/machinetag.json
@@ -0,0 +1,50 @@
+{
+ "namespace": "cryptocurrency-threat",
+ "description": "Threats targetting cryptocurrency, based on CipherTrace report.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "SIM Swapping",
+ "expanded": "An identity theft technique that takes over a victim's mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency."
+ },
+ {
+ "value": "Crypto Dusting",
+ "expanded": "A new form of blockchain spam that erodes the recipient's reputation by sending cryptocurrency from known money mixers."
+ },
+ {
+ "value": "Sanction Evasion",
+ "expanded": "Nation states using cryptocurrencies has been promoted by the Iranian and Venezuelan governments."
+ },
+ {
+ "value": "Next-Generation Crypto Mixers",
+ "expanded": "Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but in reality, cleanse cryptocurrency through exchanges."
+ },
+ {
+ "value": "Shadow Money Service Businesses",
+ "expanded": "Unlicensed Money Service Businesses (MSBs) banking cryptocurrency without the knowledge of host financial institutions, and thus exposing banks to unknown risk."
+ },
+ {
+ "value": "Datacenter-Scale Crypto Jacking: ",
+ "expanded": "Takeover attacks that mine for cryptocurrency at a massive scale have been discovered in datacenters, including AWS."
+ },
+ {
+ "value": "Lightning Network Transactions",
+ "expanded": "Enable anonymous bitcoin transactions by going \"off-chain,\" and cannow scale to $2,150,000."
+ },
+ {
+ "value": "Decentralized Stable Coins",
+ "expanded": "Stabilized tokens that can be designed for use as private coins."
+ },
+ {
+ "value": "Email Extortion and Bomb Threats",
+ "expanded": "Cyber-extortionists stepped up mass-customized phishing emails campaigns using old passwords and spouse names in 2018. Bomb threat extortion scams demanding bitcoin spiked in December."
+ },
+ {
+ "value": "Crypto Robbing Ransomware",
+ "expanded": "Cyber-extortionists began distributing new malware that empties cryptocurrency wallets and steals private keys while holding user data hostage."
+ }
+ ],
+ "refs": [
+ "https://ciphertrace.com/wp-content/uploads/2019/01/crypto_aml_report_2018q4.pdf"
+ ],
+}
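Review bot: The new machinetag.json is not valid JSON, because the `],` that closes `"refs"` is followed directly by the final `}`; a strict parser rejects that trailing comma and the taxonomy would fail to load, so the line should be `]`. The predicate `"value": "Datacenter-Scale Crypto Jacking: "` also carries a stray colon and trailing space that would become part of every tag built from it and would not match a cleanly typed tag on another sharing instance; it should read `"value": "Datacenter-Scale Crypto Jacking"`. In the Lightning Network entry, `cannow` should be `can now`. Running a JSON lint over each machinetag.json before merge would catch the first of these.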