From bb5d823ee4d4cfce445bfbf89de8e013c169a3d2 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 6 Jun 2023 21:47:15 +0200 Subject: [PATCH 01/20] chg: [tlp] following a recurring use of TLP:UNCLEAR at FIRST.ORG The tag has been added. Ref: https://tlp-unclear.org/ --- tlp/machinetag.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tlp/machinetag.json b/tlp/machinetag.json index 09608f3..16bf3d2 100755 --- a/tlp/machinetag.json +++ b/tlp/machinetag.json @@ -40,12 +40,17 @@ "colour": "#d208f4", "expanded": "(TLP:EX:CHR) Information extended with a specific tag called Chatham House Rule (CHR). When this specific CHR tag is mentioned, the attribution (the source of information) must not be disclosed. This additional rule is at the discretion of the initial sender who can decide to apply or not the CHR tag.", "value": "ex:chr" + }, + { + "colour": "#7e7eae", + "expanded": "(TLP:UNCLEAR) Community, Organization, Clients, and Recipients are all so confused what the appropriate disclosure level is, and if this or that indicator can or cannot be shared. Assumptions are rampant and the confusion is so high that a chi-square test might in fact be required to ensure the randomness of the mess before labelling this case TLP:UNCLEAR.", + "value": "tlp:unclear" } ], "refs": [ "https://www.first.org/tlp" ], - "version": 7, + "version": 8, "description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.", "expanded": "Traffic Light Protocol", "exclusive": true, From e7dd87231e3c2e6f12529fafb2907c2bc77eef6f Mon Sep 17 00:00:00 2001 From: V <45754825+vxsh4d0w@users.noreply.github.com> Date: Mon, 26 Jun 2023 15:03:38 +0000 Subject: [PATCH 02/20] Update machinetag.json Added Pig Butchering scam as cryptocurrency threat --- cryptocurrency-threat/machinetag.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cryptocurrency-threat/machinetag.json b/cryptocurrency-threat/machinetag.json index 8bba8fa..30bc2bd 100644 --- a/cryptocurrency-threat/machinetag.json +++ b/cryptocurrency-threat/machinetag.json @@ -42,6 +42,10 @@ { "value": "Crypto Robbing Ransomware", "expanded": "Cyber-extortionists began distributing new malware that empties cryptocurrency wallets and steals private keys while holding user data hostage." + }, + { + "value": "Pig Butchering Scam", + "expanded": "Cryptocurrency investment fraud that lures individuals into investing their money in seemingly legitimate and profitable ventures." } ], "refs": [ From 5d35f6b8416cf6c99b1bbf66594493fd3d584780 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Fri, 28 Jul 2023 10:05:05 +0200 Subject: [PATCH 03/20] chg: [misp-workflow] Added more entries related to curation --- misp-workflow/machinetag.json | 50 +++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/misp-workflow/machinetag.json b/misp-workflow/machinetag.json index 4e912b6..e12f006 100644 --- a/misp-workflow/machinetag.json +++ b/misp-workflow/machinetag.json @@ -8,6 +8,21 @@ "value": "action-taken", "expanded": "Action taken", "description": "Action taken during the workflow execution" + }, + { + "value": "analysis", + "expanded": "Analysis", + "description": "Result of the analysis executed during the workflow execution" + }, + { + "value": "mutability", + "expanded": "Mutability", + "description": "Describe if the workflow is allowed to modify data" + }, + { + "value": "run", + "expanded": "Run", + "description": "Describe if the workflow is allowed to run on the data being passed" } ], "values": [ @@ -39,6 +54,41 @@ "expanded": "Execution stopped" } ] + }, + { + "predicate": "analysis", + "entry": [ + { + "value": "false-positive", + "expanded": "False positive" + }, + { + "value": "highly-likely-positive", + "expanded": "Highly Likely Positive" + }, + { + "value": "known-file-hash", + "expanded": "Known file hash" + } + ] + }, + { + "predicate": "mutability", + "entry": [ + { + "value": "allowed", + "expanded": "Allowed" + } + ] + }, + { + "predicate": "run", + "entry": [ + { + "value": "allowed", + "expanded": "Allowed" + } + ] } ] } From 59ec473a5f7a44755a6098890a1ee290487bfc53 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Fri, 28 Jul 2023 10:06:57 +0200 Subject: [PATCH 04/20] fix: [misp-workflow] Bumped version --- misp-workflow/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp-workflow/machinetag.json b/misp-workflow/machinetag.json index e12f006..a33c5af 100644 --- a/misp-workflow/machinetag.json +++ b/misp-workflow/machinetag.json @@ -2,7 +2,7 @@ "namespace": "misp-workflow", "expanded": "MISP workflow", "description": "MISP workflow taxonomy to support result of workflow execution.", - "version": 2, + "version": 3, "predicates": [ { "value": "action-taken", From 8d8433399f0d00651238237be091fe63768a924f Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 17 Aug 2023 14:49:19 +0200 Subject: [PATCH 05/20] chg: [tlp] fix an unclear thing in tlp:unclear --- tlp/machinetag.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tlp/machinetag.json b/tlp/machinetag.json index 16bf3d2..b80e9b1 100755 --- a/tlp/machinetag.json +++ b/tlp/machinetag.json @@ -44,13 +44,13 @@ { "colour": "#7e7eae", "expanded": "(TLP:UNCLEAR) Community, Organization, Clients, and Recipients are all so confused what the appropriate disclosure level is, and if this or that indicator can or cannot be shared. Assumptions are rampant and the confusion is so high that a chi-square test might in fact be required to ensure the randomness of the mess before labelling this case TLP:UNCLEAR.", - "value": "tlp:unclear" + "value": "unclear" } ], "refs": [ "https://www.first.org/tlp" ], - "version": 8, + "version": 9, "description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.", "expanded": "Traffic Light Protocol", "exclusive": true, From 26626a3715a163e76f321c9247ea730ab12b1934 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 27 Sep 2023 09:52:44 +0200 Subject: [PATCH 06/20] chg: [circl] significant predicate added --- circl/machinetag.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/circl/machinetag.json b/circl/machinetag.json index 9091773..db88ce4 100644 --- a/circl/machinetag.json +++ b/circl/machinetag.json @@ -1,7 +1,7 @@ { "namespace": "circl", - "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection", - "version": 5, + "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection.", + "version": 6, "predicates": [ { "value": "incident-classification", @@ -10,6 +10,11 @@ { "value": "topic", "expanded": "Topic" + }, + { + "value": "significant", + "expanded": "Significant", + "description": "Significant topic which has been evaluated to have a certain level of significancy which can have or had a severe impact." } ], "values": [ From 6d2ad30f7d0e747b3aa70440e61bd4735775fd64 Mon Sep 17 00:00:00 2001 From: dhondta Date: Sat, 30 Sep 2023 08:36:24 +0200 Subject: [PATCH 07/20] Improved runtime-packers --- runtime-packer/machinetag.json | 476 +++++++++++++++++++-------------- 1 file changed, 274 insertions(+), 202 deletions(-) diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index f8e91d6..8df5dd2 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -1,202 +1,274 @@ -{ - "namespace": "runtime-packer", - "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", - "version": 1, - "predicates": [ - { - "value": "portable-executable", - "expanded": "Portable Executable (PE)" - }, - { - "value": "dex", - "expanded": "Dalvik Executable (DEX)" - }, - { - "value": "elf", - "expanded": "Executable Linkable Format (ELF)" - }, - { - "value": "mach-o", - "expanded": "Mach-object (Mach-O)" - }, - { - "value": "cli-assembly", - "expanded": "CLI assembly" - } - ], - "values": [ - { - "predicate": "portable-executable", - "entry": [ - { - "value": ".netshrink", - "expanded": ".netshrink" - }, - { - "value": "alienyze", - "expanded": "Alienyze" - }, - { - "value": "apack", - "expanded": "aPack" - }, - { - "value": "apk-protect", - "expanded": "APK Protect" - }, - { - "value": "armadillo", - "expanded": "Armadillo" - }, - { - "value": "aspack", - "expanded": "ASPack" - }, - { - "value": "aspr-asprotect", - "expanded": "ASPR (ASProtect)" - }, - { - "value": "autoit", - "expanded": "AutoIT" - }, - { - "value": "bero", - "expanded": "BeRo EXE Packer" - }, - { - "value": "boxedapp-packer", - "expanded": "BoxedApp Packer" - }, - { - "value": "cexe", - "expanded": "CExe" - }, - { - "value": "code-virtualizer", - "expanded": "Code Virtualizer" - }, - { - "value": "dexguard", - "expanded": "DexGuard" - }, - { - "value": "dexprotector", - "expanded": "DexProtector" - }, - { - "value": "dotbundle", - "expanded": "dotBundle" - }, - { - "value": "enigma-protector", - "expanded": "Enigma Protector" - }, - { - "value": "exe-bundle", - "expanded": "EXE Bundle" - }, - { - "value": "exe-stealth", - "expanded": "EXE Stealth" - }, - { - "value": "expressor", - "expanded": "eXPressor" - }, - { - "value": "fsg", - "expanded": "FSG" - }, - { - "value": "gzexe", - "expanded": "GzExe" - }, - { - "value": "kkrunchy", - "expanded": "Kkrunchy" - }, - { - "value": "liapp", - "expanded": "LIAPP" - }, - { - "value": "mew", - "expanded": "MEW" - }, - { - "value": "mpress", - "expanded": "MPRESS" - }, - { - "value": "nspack", - "expanded": "NSPack" - }, - { - "value": "obsidium", - "expanded": "Obsidium" - }, - { - "value": "pecompact", - "expanded": "PECompact" - }, - { - "value": "pelock", - "expanded": "PELock" - }, - { - "value": "peshield", - "expanded": "PEShield" - }, - { - "value": "pespin", - "expanded": "PESpin" - }, - { - "value": "petite", - "expanded": "PEtite" - }, - { - "value": "rlpack-basic", - "expanded": "RLPack Basic" - }, - { - "value": "smart-packer-pro", - "expanded": "Smart Packer Pro" - }, - { - "value": "themida", - "expanded": "Themida" - }, - { - "value": "upack", - "expanded": "UPack" - }, - { - "value": "upx", - "expanded": "UPX" - }, - { - "value": "vmprotect", - "expanded": "VMProtect" - }, - { - "value": "xcomp-xpack", - "expanded": "XComp/XPack" - }, - { - "value": "yoda-crypter", - "expanded": "Yoda's Crypter" - }, - { - "value": "yoda-protector", - "expanded": "Yoda's Protector" - }, - { - "value": "zprotect", - "expanded": "ZProtect" - } - ] - } - ] -} +{ + "namespace": "runtime-packer", + "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", + "version": 1, + "predicates": [ + { + "value": "pe", + "expanded": "Portable Executable (PE)" + }, + { + "value": "dex", + "expanded": "Dalvik Executable (DEX)" + }, + { + "value": "elf", + "expanded": "Executable Linkable Format (ELF)" + }, + { + "value": "mach-o", + "expanded": "Mach-object (Mach-O)" + }, + { + "value": "cli-assembly", + "expanded": "CLI assembly" + } + ], + "values": [ + { + "predicate": "portable-executable", + "entry": [ + { + "value": ".netshrink", + "expanded": ".netshrink" + }, + { + "value": "acprotect", + "expanded": "ACProtect" + }, + { + "value": "alienyze", + "expanded": "Alienyze" + }, + { + "value": "apack", + "expanded": "aPack" + }, + { + "value": "apk-protect", + "expanded": "APK Protect" + }, + { + "value": "armadillo", + "expanded": "Armadillo" + }, + { + "value": "aspack", + "expanded": "ASPack" + }, + { + "value": "asprotect", + "expanded": "ASProtect" + }, + { + "value": "autoit", + "expanded": "AutoIT" + }, + { + "value": "bero", + "expanded": "BeRo EXE Packer" + }, + { + "value": "boxedapp-packer", + "expanded": "BoxedApp Packer" + }, + { + "value": "cexe", + "expanded": "CExe" + }, + { + "value": "code-virtualizer", + "expanded": "Code Virtualizer" + }, + { + "value": "dexguard", + "expanded": "DexGuard" + }, + { + "value": "dexprotector", + "expanded": "DexProtector" + }, + { + "value": "dotbundle", + "expanded": "dotBundle" + }, + { + "value": "enigma-protector", + "expanded": "Enigma Protector" + }, + { + "value": "enigma-virtual-box", + "expanded": "Enigma Virtual Box" + }, + { + "value": "exe-bundle", + "expanded": "EXE Bundle" + }, + { + "value": "exe-stealth", + "expanded": "EXE Stealth" + }, + { + "value": "exe32pack", + "expanded": "EXE32Pack" + }, + { + "value": "expressor", + "expanded": "eXPressor" + }, + { + "value": "fsg", + "expanded": "FSG" + }, + { + "value": "gzexe", + "expanded": "GzExe" + }, + { + "value": "hxor-packer", + "expanded": "hXOR Packer" + }, + { + "value": "jdpack", + "expanded": "JDPack" + }, + { + "value": "kkrunchy", + "expanded": "Kkrunchy" + }, + { + "value": "liapp", + "expanded": "LIAPP" + }, + { + "value": "mew", + "expanded": "MEW" + }, + { + "value": "midgetpack", + "expanded": "MidgetPack" + }, + { + "value": "molebox", + "expanded": "MoleBox" + }, + { + "value": "morphine", + "expanded": "Morphine" + }, + { + "value": "mpress", + "expanded": "MPRESS" + }, + { + "value": "muncho", + "expanded": "Muncho" + }, + { + "value": "neolite", + "expanded": "Neolite" + }, + { + "value": "netcrypt", + "expanded": "NetCrypt" + }, + { + "value": "nspack", + "expanded": "NSPack" + }, + { + "value": "obsidium", + "expanded": "Obsidium" + }, + { + "value": "packman", + "expanded": "Packman" + }, + { + "value": "pakkero", + "expanded": "Pakkero" + }, + { + "value": "pecompact", + "expanded": "PECompact" + }, + { + "value": "pelock", + "expanded": "PELock" + }, + { + "value": "pepacker", + "expanded": "PE Packer" + }, + { + "value": "peshield", + "expanded": "PEShield" + }, + { + "value": "pespin", + "expanded": "PESpin" + }, + { + "value": "petite", + "expanded": "PEtite" + }, + { + "value": "rlpack-basic", + "expanded": "RLPack Basic" + }, + { + "value": "shiva", + "expanded": "Shiva" + }, + { + "value": "smart-packer-pro", + "expanded": "Smart Packer Pro" + }, + { + "value": "squishy", + "expanded": "Squishy" + }, + { + "value": "telock", + "expanded": "Telock" + }, + { + "value": "themida", + "expanded": "Themida" + }, + { + "value": "thinstall", + "expanded": "Thinstall" + }, + { + "value": "upack", + "expanded": "UPack" + }, + { + "value": "upx", + "expanded": "UPX" + }, + { + "value": "vmprotect", + "expanded": "VMProtect" + }, + { + "value": "xcomp-xpack", + "expanded": "XComp/XPack" + }, + { + "value": "yoda-crypter", + "expanded": "Yoda's Crypter" + }, + { + "value": "yoda-protector", + "expanded": "Yoda's Protector" + }, + { + "value": "zprotect", + "expanded": "ZProtect" + } + ] + } + ] +} From 95bcc0cc5fa0cb1f54a746dd3d28d073755e28c2 Mon Sep 17 00:00:00 2001 From: dhondta Date: Sat, 30 Sep 2023 08:56:23 +0200 Subject: [PATCH 08/20] Improved runtime-packers (2) --- runtime-packer/machinetag.json | 127 ++++++++++++++++++++++++--------- 1 file changed, 95 insertions(+), 32 deletions(-) diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index 8df5dd2..87175d1 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -16,7 +16,7 @@ "expanded": "Executable Linkable Format (ELF)" }, { - "value": "mach-o", + "value": "macho", "expanded": "Mach-object (Mach-O)" }, { @@ -26,7 +26,82 @@ ], "values": [ { - "predicate": "portable-executable", + "predicate": "dex", + "entry": [ + { + "value": "apk-protect", + "expanded": "APK Protect" + }, + { + "value": "dexguard", + "expanded": "DexGuard" + }, + { + "value": "dexprotector", + "expanded": "DexProtector" + } + ] + }, + { + "predicate": "elf", + "entry": [ + { + "value": "bzexe", + "expanded": "BzExe" + }, + { + "value": "ezuri", + "expanded": "Ezuri" + }, + { + "value": "gzexe", + "expanded": "GzExe" + }, + { + "value": "midgetpack", + "expanded": "MidgetPack" + }, + { + "value": "pakkero", + "expanded": "Pakkero" + }, + { + "value": "papaw", + "expanded": "Papaw" + }, + { + "value": "shiva", + "expanded": "Shiva" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "macho", + "entry": [ + { + "value": "eleckey", + "expanded": "ElecKey" + }, + { + "value": "muncho", + "expanded": "Muncho" + }, + { + "value": "mpress", + "expanded": "MPRESS" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "pe", "entry": [ { "value": ".netshrink", @@ -44,10 +119,6 @@ "value": "apack", "expanded": "aPack" }, - { - "value": "apk-protect", - "expanded": "APK Protect" - }, { "value": "armadillo", "expanded": "Armadillo" @@ -64,6 +135,10 @@ "value": "autoit", "expanded": "AutoIT" }, + { + "value": "axprotector", + "expanded": "AxProtector" + }, { "value": "bero", "expanded": "BeRo EXE Packer" @@ -81,17 +156,21 @@ "expanded": "Code Virtualizer" }, { - "value": "dexguard", - "expanded": "DexGuard" - }, - { - "value": "dexprotector", - "expanded": "DexProtector" + "value": "confuserex", + "expanded": "ConfuserEx" }, { "value": "dotbundle", "expanded": "dotBundle" }, + { + "value": "dragon-armor", + "expanded": "Dragon Armor" + }, + { + "value": "eleckey", + "expanded": "ElecKey" + }, { "value": "enigma-protector", "expanded": "Enigma Protector" @@ -120,10 +199,6 @@ "value": "fsg", "expanded": "FSG" }, - { - "value": "gzexe", - "expanded": "GzExe" - }, { "value": "hxor-packer", "expanded": "hXOR Packer" @@ -144,10 +219,6 @@ "value": "mew", "expanded": "MEW" }, - { - "value": "midgetpack", - "expanded": "MidgetPack" - }, { "value": "molebox", "expanded": "MoleBox" @@ -160,10 +231,6 @@ "value": "mpress", "expanded": "MPRESS" }, - { - "value": "muncho", - "expanded": "Muncho" - }, { "value": "neolite", "expanded": "Neolite" @@ -184,10 +251,6 @@ "value": "packman", "expanded": "Packman" }, - { - "value": "pakkero", - "expanded": "Pakkero" - }, { "value": "pecompact", "expanded": "PECompact" @@ -213,12 +276,12 @@ "expanded": "PEtite" }, { - "value": "rlpack-basic", - "expanded": "RLPack Basic" + "value": "procrypt", + "expanded": "ProCrypt" }, { - "value": "shiva", - "expanded": "Shiva" + "value": "rlpack-basic", + "expanded": "RLPack Basic" }, { "value": "smart-packer-pro", From 97aba06ca5efc1d0e7dfc05309f5e7e7da99860d Mon Sep 17 00:00:00 2001 From: dhondta Date: Sat, 30 Sep 2023 08:57:22 +0200 Subject: [PATCH 09/20] Updated runtime-packer version --- runtime-packer/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index 87175d1..99df869 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -1,7 +1,7 @@ { "namespace": "runtime-packer", "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", - "version": 1, + "version": 2, "predicates": [ { "value": "pe", From cb2132f32ff75dcb18143bbdfd25aac067b4887c Mon Sep 17 00:00:00 2001 From: dhondta Date: Sat, 30 Sep 2023 09:59:32 +0200 Subject: [PATCH 10/20] jq'ed machinetag.json --- runtime-packer/machinetag.json | 674 ++++++++++++++++----------------- 1 file changed, 337 insertions(+), 337 deletions(-) diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index 99df869..4ac69a0 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -1,337 +1,337 @@ -{ - "namespace": "runtime-packer", - "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", - "version": 2, - "predicates": [ - { - "value": "pe", - "expanded": "Portable Executable (PE)" - }, - { - "value": "dex", - "expanded": "Dalvik Executable (DEX)" - }, - { - "value": "elf", - "expanded": "Executable Linkable Format (ELF)" - }, - { - "value": "macho", - "expanded": "Mach-object (Mach-O)" - }, - { - "value": "cli-assembly", - "expanded": "CLI assembly" - } - ], - "values": [ - { - "predicate": "dex", - "entry": [ - { - "value": "apk-protect", - "expanded": "APK Protect" - }, - { - "value": "dexguard", - "expanded": "DexGuard" - }, - { - "value": "dexprotector", - "expanded": "DexProtector" - } - ] - }, - { - "predicate": "elf", - "entry": [ - { - "value": "bzexe", - "expanded": "BzExe" - }, - { - "value": "ezuri", - "expanded": "Ezuri" - }, - { - "value": "gzexe", - "expanded": "GzExe" - }, - { - "value": "midgetpack", - "expanded": "MidgetPack" - }, - { - "value": "pakkero", - "expanded": "Pakkero" - }, - { - "value": "papaw", - "expanded": "Papaw" - }, - { - "value": "shiva", - "expanded": "Shiva" - }, - { - "value": "upx", - "expanded": "UPX" - } - ] - }, - { - "predicate": "macho", - "entry": [ - { - "value": "eleckey", - "expanded": "ElecKey" - }, - { - "value": "muncho", - "expanded": "Muncho" - }, - { - "value": "mpress", - "expanded": "MPRESS" - }, - { - "value": "upx", - "expanded": "UPX" - } - ] - }, - { - "predicate": "pe", - "entry": [ - { - "value": ".netshrink", - "expanded": ".netshrink" - }, - { - "value": "acprotect", - "expanded": "ACProtect" - }, - { - "value": "alienyze", - "expanded": "Alienyze" - }, - { - "value": "apack", - "expanded": "aPack" - }, - { - "value": "armadillo", - "expanded": "Armadillo" - }, - { - "value": "aspack", - "expanded": "ASPack" - }, - { - "value": "asprotect", - "expanded": "ASProtect" - }, - { - "value": "autoit", - "expanded": "AutoIT" - }, - { - "value": "axprotector", - "expanded": "AxProtector" - }, - { - "value": "bero", - "expanded": "BeRo EXE Packer" - }, - { - "value": "boxedapp-packer", - "expanded": "BoxedApp Packer" - }, - { - "value": "cexe", - "expanded": "CExe" - }, - { - "value": "code-virtualizer", - "expanded": "Code Virtualizer" - }, - { - "value": "confuserex", - "expanded": "ConfuserEx" - }, - { - "value": "dotbundle", - "expanded": "dotBundle" - }, - { - "value": "dragon-armor", - "expanded": "Dragon Armor" - }, - { - "value": "eleckey", - "expanded": "ElecKey" - }, - { - "value": "enigma-protector", - "expanded": "Enigma Protector" - }, - { - "value": "enigma-virtual-box", - "expanded": "Enigma Virtual Box" - }, - { - "value": "exe-bundle", - "expanded": "EXE Bundle" - }, - { - "value": "exe-stealth", - "expanded": "EXE Stealth" - }, - { - "value": "exe32pack", - "expanded": "EXE32Pack" - }, - { - "value": "expressor", - "expanded": "eXPressor" - }, - { - "value": "fsg", - "expanded": "FSG" - }, - { - "value": "hxor-packer", - "expanded": "hXOR Packer" - }, - { - "value": "jdpack", - "expanded": "JDPack" - }, - { - "value": "kkrunchy", - "expanded": "Kkrunchy" - }, - { - "value": "liapp", - "expanded": "LIAPP" - }, - { - "value": "mew", - "expanded": "MEW" - }, - { - "value": "molebox", - "expanded": "MoleBox" - }, - { - "value": "morphine", - "expanded": "Morphine" - }, - { - "value": "mpress", - "expanded": "MPRESS" - }, - { - "value": "neolite", - "expanded": "Neolite" - }, - { - "value": "netcrypt", - "expanded": "NetCrypt" - }, - { - "value": "nspack", - "expanded": "NSPack" - }, - { - "value": "obsidium", - "expanded": "Obsidium" - }, - { - "value": "packman", - "expanded": "Packman" - }, - { - "value": "pecompact", - "expanded": "PECompact" - }, - { - "value": "pelock", - "expanded": "PELock" - }, - { - "value": "pepacker", - "expanded": "PE Packer" - }, - { - "value": "peshield", - "expanded": "PEShield" - }, - { - "value": "pespin", - "expanded": "PESpin" - }, - { - "value": "petite", - "expanded": "PEtite" - }, - { - "value": "procrypt", - "expanded": "ProCrypt" - }, - { - "value": "rlpack-basic", - "expanded": "RLPack Basic" - }, - { - "value": "smart-packer-pro", - "expanded": "Smart Packer Pro" - }, - { - "value": "squishy", - "expanded": "Squishy" - }, - { - "value": "telock", - "expanded": "Telock" - }, - { - "value": "themida", - "expanded": "Themida" - }, - { - "value": "thinstall", - "expanded": "Thinstall" - }, - { - "value": "upack", - "expanded": "UPack" - }, - { - "value": "upx", - "expanded": "UPX" - }, - { - "value": "vmprotect", - "expanded": "VMProtect" - }, - { - "value": "xcomp-xpack", - "expanded": "XComp/XPack" - }, - { - "value": "yoda-crypter", - "expanded": "Yoda's Crypter" - }, - { - "value": "yoda-protector", - "expanded": "Yoda's Protector" - }, - { - "value": "zprotect", - "expanded": "ZProtect" - } - ] - } - ] -} +{ + "namespace": "runtime-packer", + "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", + "version": 2, + "predicates": [ + { + "value": "pe", + "expanded": "Portable Executable (PE)" + }, + { + "value": "dex", + "expanded": "Dalvik Executable (DEX)" + }, + { + "value": "elf", + "expanded": "Executable Linkable Format (ELF)" + }, + { + "value": "macho", + "expanded": "Mach-object (Mach-O)" + }, + { + "value": "cli-assembly", + "expanded": "CLI assembly" + } + ], + "values": [ + { + "predicate": "dex", + "entry": [ + { + "value": "apk-protect", + "expanded": "APK Protect" + }, + { + "value": "dexguard", + "expanded": "DexGuard" + }, + { + "value": "dexprotector", + "expanded": "DexProtector" + } + ] + }, + { + "predicate": "elf", + "entry": [ + { + "value": "bzexe", + "expanded": "BzExe" + }, + { + "value": "ezuri", + "expanded": "Ezuri" + }, + { + "value": "gzexe", + "expanded": "GzExe" + }, + { + "value": "midgetpack", + "expanded": "MidgetPack" + }, + { + "value": "pakkero", + "expanded": "Pakkero" + }, + { + "value": "papaw", + "expanded": "Papaw" + }, + { + "value": "shiva", + "expanded": "Shiva" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "macho", + "entry": [ + { + "value": "eleckey", + "expanded": "ElecKey" + }, + { + "value": "muncho", + "expanded": "Muncho" + }, + { + "value": "mpress", + "expanded": "MPRESS" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "pe", + "entry": [ + { + "value": ".netshrink", + "expanded": ".netshrink" + }, + { + "value": "acprotect", + "expanded": "ACProtect" + }, + { + "value": "alienyze", + "expanded": "Alienyze" + }, + { + "value": "apack", + "expanded": "aPack" + }, + { + "value": "armadillo", + "expanded": "Armadillo" + }, + { + "value": "aspack", + "expanded": "ASPack" + }, + { + "value": "asprotect", + "expanded": "ASProtect" + }, + { + "value": "autoit", + "expanded": "AutoIT" + }, + { + "value": "axprotector", + "expanded": "AxProtector" + }, + { + "value": "bero", + "expanded": "BeRo EXE Packer" + }, + { + "value": "boxedapp-packer", + "expanded": "BoxedApp Packer" + }, + { + "value": "cexe", + "expanded": "CExe" + }, + { + "value": "code-virtualizer", + "expanded": "Code Virtualizer" + }, + { + "value": "confuserex", + "expanded": "ConfuserEx" + }, + { + "value": "dotbundle", + "expanded": "dotBundle" + }, + { + "value": "dragon-armor", + "expanded": "Dragon Armor" + }, + { + "value": "eleckey", + "expanded": "ElecKey" + }, + { + "value": "enigma-protector", + "expanded": "Enigma Protector" + }, + { + "value": "enigma-virtual-box", + "expanded": "Enigma Virtual Box" + }, + { + "value": "exe-bundle", + "expanded": "EXE Bundle" + }, + { + "value": "exe-stealth", + "expanded": "EXE Stealth" + }, + { + "value": "exe32pack", + "expanded": "EXE32Pack" + }, + { + "value": "expressor", + "expanded": "eXPressor" + }, + { + "value": "fsg", + "expanded": "FSG" + }, + { + "value": "hxor-packer", + "expanded": "hXOR Packer" + }, + { + "value": "jdpack", + "expanded": "JDPack" + }, + { + "value": "kkrunchy", + "expanded": "Kkrunchy" + }, + { + "value": "liapp", + "expanded": "LIAPP" + }, + { + "value": "mew", + "expanded": "MEW" + }, + { + "value": "molebox", + "expanded": "MoleBox" + }, + { + "value": "morphine", + "expanded": "Morphine" + }, + { + "value": "mpress", + "expanded": "MPRESS" + }, + { + "value": "neolite", + "expanded": "Neolite" + }, + { + "value": "netcrypt", + "expanded": "NetCrypt" + }, + { + "value": "nspack", + "expanded": "NSPack" + }, + { + "value": "obsidium", + "expanded": "Obsidium" + }, + { + "value": "packman", + "expanded": "Packman" + }, + { + "value": "pecompact", + "expanded": "PECompact" + }, + { + "value": "pelock", + "expanded": "PELock" + }, + { + "value": "pepacker", + "expanded": "PE Packer" + }, + { + "value": "peshield", + "expanded": "PEShield" + }, + { + "value": "pespin", + "expanded": "PESpin" + }, + { + "value": "petite", + "expanded": "PEtite" + }, + { + "value": "procrypt", + "expanded": "ProCrypt" + }, + { + "value": "rlpack-basic", + "expanded": "RLPack Basic" + }, + { + "value": "smart-packer-pro", + "expanded": "Smart Packer Pro" + }, + { + "value": "squishy", + "expanded": "Squishy" + }, + { + "value": "telock", + "expanded": "Telock" + }, + { + "value": "themida", + "expanded": "Themida" + }, + { + "value": "thinstall", + "expanded": "Thinstall" + }, + { + "value": "upack", + "expanded": "UPack" + }, + { + "value": "upx", + "expanded": "UPX" + }, + { + "value": "vmprotect", + "expanded": "VMProtect" + }, + { + "value": "xcomp-xpack", + "expanded": "XComp/XPack" + }, + { + "value": "yoda-crypter", + "expanded": "Yoda's Crypter" + }, + { + "value": "yoda-protector", + "expanded": "Yoda's Protector" + }, + { + "value": "zprotect", + "expanded": "ZProtect" + } + ] + } + ] +} From 84fd2955348b2b439466f4910b39d94591ebcb65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 4 Oct 2023 23:41:32 +0200 Subject: [PATCH 11/20] chg: reorder predicates for tests --- runtime-packer/machinetag.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index 4ac69a0..4057e37 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -3,10 +3,6 @@ "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", "version": 2, "predicates": [ - { - "value": "pe", - "expanded": "Portable Executable (PE)" - }, { "value": "dex", "expanded": "Dalvik Executable (DEX)" @@ -19,6 +15,10 @@ "value": "macho", "expanded": "Mach-object (Mach-O)" }, + { + "value": "pe", + "expanded": "Portable Executable (PE)" + }, { "value": "cli-assembly", "expanded": "CLI assembly" From b42760a412086a54369ad9bd8275f53b6d98dce5 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Mon, 16 Oct 2023 17:46:39 +0200 Subject: [PATCH 12/20] add: [doping-substances] New taxonomy for doping substances - Merging from original work by @Chaamoxs & @WooZyhh - Added also an additional predicate that was skiped first --- doping-substances/Misp-logo.png | Bin 0 -> 10376 bytes doping-substances/README.md | 44 ++ doping-substances/gen_taxonomy.py | 63 ++ doping-substances/machinetag.json | 1006 +++++++++++++++++++++++++++++ 4 files changed, 1113 insertions(+) create mode 100644 doping-substances/Misp-logo.png create mode 100644 doping-substances/README.md create mode 100644 doping-substances/gen_taxonomy.py create mode 100644 doping-substances/machinetag.json diff --git a/doping-substances/Misp-logo.png b/doping-substances/Misp-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5f2d4dd577987fbaf4b5a0028cea64e69ae58eb0 GIT binary patch literal 10376 zcmb7qWmFtZ6eVsU!8J%A$l&f491?7B4LZ2HTW|@%T?Y>q+%3V~8Jys5!EO87-Cz4- z&+eQv)7{f0T~+Vhd*7>$R8f+Bi$RJ32M707UQS9C4i5gm^WSJFz^}KSAv|zEa*>c% zM*}{-Xl4<>HM*mmjtd+dmhpdI_)@VFE8tHOS7~imH3xH74`XKtoQH=8tChWti>a|A zgw?^>BJ)(36b|kKoV=8{x@Xo&wwEWtPRD>)mwfN{X04-M6O|RT4~)9DRt8lann!Mt znpEjSADaJ8_jy+*7tAf)xZ{+w{1{R|m?msuZMxPhIwb^CFQ)ysD}KG{v4%rAek78CD(Payi}S1cS;7l6l1OH!C&AXrfMNwSrmTJj+?%shAH`8 zI+D|Uyj9$;p zL*YY`ak-8myEQ}wDG6-<-PcfLaY15@)(tO46vF&X+2s0na|BA5fE81UY{_Xc+uqP* zl?c*(xa)L!ZT8W-iO`i3os-&`H-gLid1eacad=zf3I<6|>=xBX>@ov`z&2B6qmATtzYt%+9)D!PZ_wWuKtaw) zQ@jLrxJ5Frodi2XvMkgJ^e z@a*uVM=5;DjX&wk3Ub3fI?BzG_Da2%#@QO!CvQMe9C!U$<86me8cWBr1mY%D)U5|w za%a?ALMJV`t)^u1r!1!nVkMwch0^asWuWrWycn@EiG=_63aS(haEkSyMWjoikRnDx z8{XmJTMd8Pm~Qz9b-bGqsS8jqHOH(fqN$&r0yzZD6yKMen7~@6MkB;aw4ElZ2<|hn zX}8m74s>E{XRnh3*VrLOhm-WM{C+>@Po7!~Uef4nY=8*}dCex{d5?`!o7Xp)CvlqT ztYN6|3z_^nQmZ`C<_WlFD8R((tEnRDdjz?ST`p~Q$-8$xhz@Hy7`ot5H(~eU+aW7c zbJ*M$ew?Ql5?gv4z=k9Vb!)ZiYGSzaE~wwgyE(hgEE$4k8yJ+jP!IWbgiw5M`xsE| zClWg=fJOeZJp)3j($!S+Qf@se->uwdD_`ewJ+XWJK1KMxqy994Z^nSX)@h9BZG6{M zD6$WJxs&vm~x@yAny+t*Qp8$2uAmX z@yovJrSQ5gtSYkv>1jyaQA?Z3k>^`kBf+sk%TG4b=}3VH1V_u>h(GG*!AO`y-z@sM z8?x{lu*n`A)l}TTWc&*&8t)4r(m$HWOwuWs}h78>{ z!Fqn%<@&>n*bvbtW^0@!kT+?8rrCqLL)_(@p)-S0q&NRE_fJ;g^11M?9hH@;O3H`m zTE*?#)s~2=*|f`vW^gRa92jF#W@<*Ie_B7mF29{*G1*RVozHn`Q%`EA;3}DCLH%@; zcdGnNoV7*`b@(MlI6Keq-v;nM_M`&ZRM(?1Dk1Ez6TAjC6?Sf{J0vapNh>dn`~nBe zA7rI;nt7ur!l)QaQ0 z_l-e)Y5D*vIZ!ITlT4xRzi3HHg^qtz?mUa_gwc^6+U+BfB}#fB_eETjQ|Q3J1Qn5J zn~NN8<}D1kR2-F9`xuh_TJPeXXUU?NmOHn$s?9Skf8aba(*D8h4Ck9 zer$ooWpa6O$`MzK<8hYTH%u^vK^oCEQ+m1;i}}ANo)V}W(XU04Tt4@c_L7Ire`7T1 zLBD1!2pt`XhL3P8q5CaQuIg$d4g)Xd*PUgorI+(Lu=xQ)X`mgMB~6?7i$qJ6L3kTFnZZyrt$QQ!J7TioZavvHu-U<%~(& zwZ*W-S?fOjz`YIzr4%eGqno}ZW<$|wx)n0UDw@p#T1!k;jU%OI`{QexEq6@Jv3>XQ z?T!@N++r2oKc)!4N~}O#6Jl}U@UzE(Z&^mf{r5i>It<$8Xc+DAGoHm22?((EBR#%u zUoeP?ODU-Y8sCWr-7{4*b<=)G1&M*AIL|T;7?GJuvGg>1Z-S)QASlRDDu*^SiZ=>ZBFMT*z;@oe%U0WnxSgbd?(Hia9r;w# zSPGQ1*x&KQ&Pst_Qn*%&>X)O7Hku+Mn{}>Z(^Y zI)*d7@!#}j_4dcxobJ-%hF5WwM~}XEu_?wLj}40)gAYEb8-c((rDl@-D_8$n)jKUkml#KW@*WbEy&Ct zeo_M)Z_{8!bsc4njN-iS9jv71`fn8fNb0fq1%P4&u?21UvsMO&V6AqOh*ozi#U0bl z$io(OFPjPc-0Mv^m1`vg7@CVy=lJ;WEL`(-t7st^BI^L3CTfOy*jV!U9 z%zD=FK|e@R3bUb_lItD!A2H3yEP9mR1@i-3`X`(6 zIqeWGM*K@K%bjsyW8lsY1uAHp-0;zecKEAkl4WXj-n`NsfvQ@33uK)%BL%e>?9(BV z3hHLJ2JfZ$Bznq7zCOHjoVk?$ZIHa|bC%n^Pd07U8a(kHOi;P!?TXhwuEU2$oVi=e zTXZLV|8DDiH)A-AOcBAz?fU_D%S_|MWPp8CxuXGepYG4Y9bRDVtX8QssKwpOZfC@R zZS0ktn9o&&QjySBZeb`(*%g@4Je9Hx^7qNAMBEFQVwD2;iGjNrzf(UPhO%Eyn?(%T zfC;OC3C*LK0=efkHyEyq%Cc6IzkIseNmi6vB=hdf*al^RqKS%Hr-+rXAjeNyShiP8 zOO>H{6u4sUlATaSS-vWPFOg3;&%HxT7+(#*YF@5H4@s>tFTri_cK&^3*up9%rCb>{ zVYylnlShz-->=NnP1|i*Ip2exK%W!QxGg_Z#%~2VXdW->H`x9?mwlt-dR6%Q6dTNk zV6_lAYZll2>_hSJ&=G$$sTenHQQDNR>^t{!khsq1*=UY1vuq;^0e^ssSegk$O8Hd4`GZaT%;bxCWLD& z_+zd%2;;s0|Nh~*^&o#LWHb%=2=(#TqB1xu*NSwVPo|1JymGXpsw&S0pHy*>xx;L~ ze^)-42n5LrqlQ+##grs)yOIQ2O{7m*c&Astu)$X@)hv3_P7KDwfHLyA&PYNT;54r0 zPuV^{W7o*7QC`@)DDJ!UGIOsJa!4s7`r!iIBDiJuvS)pMs( zmQBf6Bx-AIy+qismNUF4aD;MlcoJY3@)KP%Q*TjU%?mu+ng9^&pLBkwzZ3)ne#-wY zlzBI3km(b~Qi7v+L$I(lH-GjGZ`^-{K%)1?vmf2l1Z@rvm6+A~C)uwQBrxv=Z|8Pv zIU58BqwQWiy93AGoOSxxuwTZ%k1QBw=en)7^U=$Uph3(x zp#vk*ERJM*(5h_<9k(0_>)+FkfO$U|Rz4?Snr|BsSJXYdb;uk4!vLgLb5o1If!7DJkh%tghlO zyqnB@Y$NYMuhU%$@ALA_VuAbU=f*SbAXTyaA9U~^FjWTCIi7YJQl2ZUmQppfv~C$o z!zSaM3TBztQ~4A}UUHX~hR9{8xN{TYz;Q=g4zH8!EIzpBee74v1k59crWuI=VWsq- zdT|=@4YQE@=Lal(9h>DX===;M#Ce06V|IN^(C21*DDn2Yt|~_Y78Hc)PoQaD3^_x8 z^3c9d#+}nL;Q2%q_wmp>%3*qP^Y2v>1m>~aD8g>dL1mPeHchDZQ*ow~+nS?Krt>dI ziGxL`;%5Kk)09lbPIQ@C$<0xd-$1T-KM*zIN%bUi46^Sk}(xVMBgVYy1BVkXIHlQD<5z-y~Ft?rkEit@T|E{8{DnTGV=0u zRxm2mm$c8no4kdNmu2~bW$(Y{{VD%v6n)f$t0?*SyxGdD!y~=_bO44u&sgi3R3(&n z@HWmd$_h5Hmq9qlV>e`?GY=oJLe}v8_(w^T!@9T6EaPSHpdHY&tTf9<>q|R)l=CCc zlMki}Bd4l%h4t}5L8^yjPoM4~ctouF#L>EPIr}>wuer=e_nml_Z}9)dQ6lQ6Lo#yV z3=Y>p(sYU$-gy#q(v=_ICzUe9#@6uxr_~@O-7fzb0`N#gf<((Umcq!3J{?j2?|Pfd ziV_gVu<5Hf!}SoT%)!>OS{NYc2!`ka`yc+FF8tGg;m zyTPhm_?ukWB^V@uChWaNM(o%x`uOp00x3xJz?M*c+&el)iv$-jR1|zorHedun7EuA zo|m+L;y4XlM#gRx>OA6Au~N3Tn~lw}e$gy`h?@M|6CTCQN?4mdU#lI5^lX#Cf?^AU zOO1@|Ss6wZq9~=w)JMSRXLMkz$sob;P7B?ejT=?=^n+_C7(S zm39u9DII^fkL%hR(hy60`gCmU$LhWW2@}?J#Q7(1K;Rx>iId^VUK(I z@Z?n0!?Bu6Mp__cgY%h#$@*=s^gHQo^TLY0`a_B)=A)!if}OCe?3awu{kfm1Rbb14 zqF=xK(Q9a|$%o?6F}4`$#$UccbaV!+q(ZHh)UbIt3Xj)v0oT}TOYl$wS|u4ywF%4y zAIU}jB`b>JmO9=iM`SAH7FJDQl(gRg~;5$D1!ITU0^I`mmjh@)ePNyp^o8x^99K96R%~4OG&1;)2=_CyilVIU3uea9#GG?g6_PS&@p%E6NXKL;L z8o3SlY-+mo_*L>bwzKO9PTX2WScYS+M(QxiYmgh2Hz{@GkBMOb6gz}McC$qZ5!?K% z25T|rs6H&sLVjj;wtmd*XwNIh#apk1gSc-Fbc$N=mB~cgu9950+4WC_n*V(&rw&5} z{g3L+DTZ#wU}@{tVK$Kk9Wn{g)r5POy-sm#byvPmienI2(w$%E1u<+4v#EiI7(eA= z;c{4P(~UpcyuIjJndE=GE=|UNR^Phb+lE`Fr7K8n2!18H--iGr##@ zg~H8^t#!sD<2hqbXXRp}pA>U{DmyZ&&F7@aMWd$$maP#}Bs!gsKYv z5hUvd^~N98ZH_sY>_O;Df!USp@-Bt~V{{pV`RcZwk5O7Xi?F2|RYd~>rClMv2iGnDcf1zd?634Ke9yk_Jm$^1erTt4 z!6!LE(-M~BiuwsWhn7{MoZ?r>W|0LiSp6|2!c3h45FznV9BGt=)zIr_JHhluLH0mUk59a--N8)BVTv z@5JZ>Xosh16WPTOvEWh*=`ssmOp;pWM9TlEO#Giwl}^h~SMQM7F~rN|IZ^v>=ag_@ ze^cvPR&M#48XN69Z`XXprk$`2N~(Um}@mwZB}zE;w06W`9%eRVVNNm z&;{nffpKRKl8|Cak*So2*QVM$?h}p8OBvo_H1;O%2`-}}{8GK3VQ>269QA!k_eeA3 zO~L$>^vjA`YShswzAJ<9gc}7SX+qW#y#8*BQk?CVjAB0qYChRY=ufo%;8GsTOG$hi zbALQfrp-lHzzL-CXq~NXP7<*TmPv($*GTzm&T^rI`9oO9e1MOL(xiRw%q;3wegkN; zG-0nxBaSZ3)pr%i!qK1A4lw?IlZp5%GHJ%Mp*zouRhK`f4T~8d z)Ow*por7a+P{uCp2vq4+6P?s&X@&p_3CL_l?FLJanCV(OOvL%NA}3@Gu2jx(wI$jw zU;z{&0Ja&zY+%r&D`~E36b8uDv28Wy;I499B;yWgT#G_2Ss zj}MMfLVv-J)YJQNd+6J;Z?{GTsjg+fFln>STXp@D%)JOWtF(^wNEOIUgNmg8yDoAx7K)4&P!WD9Cd-gL*bn9 zDFt2hJncj5a-*FWs7icB64NAPqCt@sLcw&@)6I4ehpp>W@ zr0vkg##;K{WMeAB&B{{GA7k1Z?Uv_Fn{J|`oQ-7UyzI~za$RQ;U*AiJMjCII-NA1X zTZ658wzg`$zC7P*mYYz<8~8}VM7!7WZot$#ch=FIv*wZ{naL(~ z#&>6StF6}!p>K$GE3am+4qq|%vCnX&U0u|G%??QqbL;xe+=K<895-b08{bgx$mn#{uUS&@;g&x;r;`LNK3*r2+()L|7~F${mp!P24A7< z{PMorL6TJs54RYCh47u4{k{ijs(=#VY(VUNP;$;up^U!x4cmrZH}`axuzPw+ zN0gCxfgTWfa@mSx^gXRG^eo%+9vpgbg;25cd$ukB{T}+UD0+L0afYGX& z=-yCtI}EPSaIfMUKqp=M$&siwhqTe35{(9`@-LKG^S4&BM-CSCnOZ^%g}9>5;5>@? zwd5~F_+MmdD)bmX2lx%<^ra?{=^^MR*@jTB{eE@ZFfsD=FG@zaU}5~6lOzLB;4s5j zF(e@E@2pVHk?@oT7?7;+bnrwtwjND*+Q`CKE2}ya%~r5=n#HfxBFdgsS0Pp~0wj^s z^$(ti?~o`i_4k(Wyb(Q9Qd{vQuZCSULhtgW@k<-=W?h+{ElH zpx7eLDQi>W|luy2`eK@B%x#kGj8gcjO!$1FJS-kE z=-FFlingXs1hBXhz3J&X%^kQ&R$=5T>WZ>s;?hjMwVm#bTrld(8-`*2j18)nPAga! za@Dy${oFg95`+MGCsvM$x}XDqJFq9NRzqx9={!wK{*KpT0r*NrTi>uAs2^X3|1rq(7wm@U^x_ht_r zbMsG#+5m1lW*0>FMjGi>04!UvD9AMcAH8phdm?}{=q_6hkHn>fr-*>dyUxw>h!C9d zg)vc1;qk4J)6*C(;T~eN!iZ7@2|+?EjbYT;V=*MxO4nWVD`yj2-M%mVt<{CHwmQ5r z5G&fI94Mhs6hP%aHGf00Kzx;yO|+ay?_Moa>bKEho1UUs;zIC@!SCuY;fk_3ShSVv zmj`T>CEB-|x-^V#E71qLdTbQ&fu_a&V^6Gp>h=oSMv&(W9l2hR7Frlt?uTo~-Cy0e zoP%s^e=-?|=Kly|coKV#)E|2lLkw+nZ-_XbmS^G*8l%?7CZ+VyJFDr@);7kF6g#9) zaR0o8{GK=^(tp!f%m6FTNYiA!=G_DbI!{4`${FU2(5ItmIu?$gUOB2)4@3%y|Cqp5%8|oZ#S4 z@Be!jK(MdHFEH`~tJ{30_BAzcH6WnTkNU(jH&3!XedENP>4&!7GAe)cHn`mZdu8Ol zn<>)HW2W{N(O==*pkWVbrgp%qs*YbWyDhh@3H<^6>qkq`82W9Nzv!bUc~-EJcwtB9_u?~0;NW%GLLg;=$wI3Mca)9r!o67+)=VuWouvoe4K3yn z=la`j?cI1*D{7>Hp802sf~A5hi^+!H*@NHIXo`ZC!A%TWtdh(*}I3QXpA zFumm>pe6!5KHU9YOu;B3vZ0(xetIp9dZL;ZQ}}76{x}v%=*}%~F~;PrIQ?IG&#D<9 zLjpzW*f=3cfUKp`XZ$&R+IoGmPT!U4LqTA#{jHZXaLy=l3#2oQBU zSAUFq_t73dwBLmsaHIny#o)}r3JlDi!EsYy$iVm=YC)G;kyQIRN6Y|ohzKfCzfX|3 zqNl^5WZ(}}KJ$3=48uCG#E;DWo_)dUXjLm8GbE_n)}45wNS*UaI8&QTw;y6V@q^|d zPAPs5PyV}@)FiVg@S;2;?l&^nN z$oJL;UQq1m1{>GgQpoJzu@fbE)>*V#!D72ZySZ>L zG{kmfDw&f1rSUm`fRi=TnfE_=rC;m$$K4{!5@rxPh7M>y98A3z0IDY7>2c}@eg;XZ z(k#d2MXmoZ=79OWlE*NLwq2hUo;EAV^4@xDe218QDfdYjEyO*OFHcpqkX(=-Vd90# z?IujRLFL@)u6pPteJ&_xbLH%CDeHkoA@ZmFhQ@qWaKe$j-3!^5BZ#*Q>K1PlX!wB`q`#fI3=hlf0&ANvvd=Fax^y){_|MHN)MpPB;m^Q zXwkgqynhMDLF%Ec#k^y!S#-%}X~W7$Syi~)H80*4EXN~EUrCHblKd0NQ}j(pKJnip zBLNhI#D<62(qN&yftqtf^WJA7#B6Jc5`IQ_LEcx*)sm=~N{3y&+&?jkon;w`&}>nl zDQ#m@F@{R+TJudN2gCP(1($5uB}#Udwiw*94macpHbq3NEnK#0awHGR4Q(vYH+#kfyvL0e;tY>gIv)3w`H-p)pi@cJd%=!*MuSP6hrvDsYt<8FWo z%tn9?qOBzouYMsxY6w>dn?6OPPt;z6C{SXy*d*#YDzwkn7purNi z&%JrK@u+j?8<#iyD#3eDyDbyknMtlw{KzB@a<7$#+;5{IxmXKsO(4~|v@Kh&GhFCf zlbdfGH?$SmxV`kxGkQDoef22&^LP9MHRNB+N=|;9{+|;`ax_=Vys534DKqOnB;hzPsG&tY*4N)@e*JEXs z$0dbHs}=<9{T8LxJtLB#*Ln3!nl{(tBp=$yHQv1W`eT&f!BHHfXF1CL>fE!I@o#_? zOwf9MYov$i5;_!4W*pEhaLLy?DkdDQ$%B>3H8v^ox8gcyNQ?IbZ_`plGV|C>$ix+G zL~1NOlFF=LzY}Tv^c++xrYr-M6-;Q!!(rq=x^BwV1&Af0@`|6oY;2lcmHnmT$ldQbHYe literal 0 HcmV?d00001 diff --git a/doping-substances/README.md b/doping-substances/README.md new file mode 100644 index 0000000..db4ba68 --- /dev/null +++ b/doping-substances/README.md @@ -0,0 +1,44 @@ +# MISP_DopingSubstanceTaxonomy + +This project aims to gather information about all the prohibited sports Doping Substances. + +We collected all of the information on the [WADA website](https://www.wada-ama.org/en/prohibited-list). + +To do that we have created a python script to scrap this website and generate a JSON file (Taxonomy). + +This Taxonomy could be add in MISP to help sports organizations to fight against usage of doping substances. + +## MISP + +![logo](Misp-logo.png) + +What is MISP ? + +>A threat intelligence platform for sharing, storing and correlating +Indicators of Compromise of targeted attacks, threat intelligence, +financial fraud information, vulnerability information or even +counter-terrorism information. Discover how MISP is used today in +multiple organisations. Not only to store, share, collaborate on cyber +security indicators, malware analysis, but also to use the IoCs and +information to detect and prevent attacks, frauds or threats against ICT + infrastructures, organisations or people. + +## JSON Generation + +In order to build the JSON file, we created a Python script which scrap the WADA (World Anti-Doping Agency) ‘s prohibited list. + +Thanks to BeautifulSoup, a useful library that helps a lot when it comes to scrap HTLM documents, the script is able to get all the list of doping substances. + +The file is created with PyTaxonomies, a MISP library that help to create valid JSON file according to the [MISP Platform](https://www.misp-project.org/taxonomies.html#_misp_taxonomies). + +Finally, the script generates all predicates (doping categories) and the entries associated (the doping substances themselves). + +## Installation + +If you want to try it out yourself, you need to have both BeautifulSoup & PyTaxonomies installated. + +## Authors + +DELUS Thibaut : https://github.com/WooZyhh + +JACOB Lucas : https://github.com/Chaamoxs diff --git a/doping-substances/gen_taxonomy.py b/doping-substances/gen_taxonomy.py new file mode 100644 index 0000000..aa205da --- /dev/null +++ b/doping-substances/gen_taxonomy.py @@ -0,0 +1,63 @@ +import json +import requests +from bs4 import BeautifulSoup +from pathlib import Path +from pytaxonomies import Entry, Predicate, Taxonomy + +CONTENT_URL = 'https://www.wada-ama.org/en/prohibited-list' + +TAXONOMY_DESCRIPTION = 'This taxonomy aims to list doping substances' +TAXONOMY_EXPANDED = 'Doping substances' +TAXONOMY_NAME = 'doping-substances' + +ignore = ('NON-APPROVED SUBSTANCES', ) + + +def list_predicates(articles): + predicates = {} + for article in articles: + title = article.find('p', attrs={'class': 'h3 panel-title'}).text + if title in ignore: + continue + predicate = Predicate() + predicate.predicate = title + div = article.find('div', attrs={'class': 'layout-wysiwyg'}) + description = div.find('p') + predicate.description = description.find_next_sibling().text + predicates[title] = predicate + return predicates + + +def generate_taxonomy(): + new_taxonomy = Taxonomy() + + new_taxonomy.name = TAXONOMY_NAME + new_taxonomy.expanded = TAXONOMY_EXPANDED + new_taxonomy.description = TAXONOMY_DESCRIPTION + + response = requests.get(CONTENT_URL) + soup = BeautifulSoup(response.text, 'html.parser') + articles = soup.findAll('article', attrs={'class': 'panel hide-reader'}) + + new_taxonomy.predicates = list_predicates(articles) + + for article in articles: + title = article.find('p', attrs={'class': 'h3 panel-title'}).text + if title in ignore: + continue + products = article.findAll('li') + products_list = {} + for product in products: + entry = Entry() + entry.value = product.text + products_list[entry.value] = entry + new_taxonomy.predicates[title].entries = products_list + + return new_taxonomy + + +if __name__ == '__main__': + taxonomy = generate_taxonomy() + taxonomy.version = 2 + with open(Path(__file__).resolve().parent / 'machinetag.json', 'wt', encoding='utf-8') as f: + json.dump(taxonomy.to_dict(), f, indent=2, ensure_ascii=False) diff --git a/doping-substances/machinetag.json b/doping-substances/machinetag.json new file mode 100644 index 0000000..daf66fc --- /dev/null +++ b/doping-substances/machinetag.json @@ -0,0 +1,1006 @@ +{ + "namespace": "doping-substances", + "description": "This taxonomy aims to list doping substances", + "version": 2, + "expanded": "Doping substances", + "predicates": [ + { + "value": "ANABOLIC AGENTS", + "description": "Anabolic agents are prohibited." + }, + { + "value": "PEPTIDE HORMONES, GROWTH FACTORS, RELATED SUBSTANCES AND MIMETICS", + "description": "The following substances, and other substances with similar chemical structure or similar biological effect(s), are prohibited:" + }, + { + "value": "BETA-2 AGONISTS", + "description": "All selective and non-selective beta-2 agonists, including all optical isomers, are prohibited." + }, + { + "value": "HORMONE AND METABOLIC MODULATORS", + "description": "The following hormone and metabolic modulators are prohibited." + }, + { + "value": "DIURETICS AND MASKING AGENTS", + "description": "All diuretics and masking agents, including all optical isomers, e.g. d- and l- where relevant,\nare prohibited." + }, + { + "value": "MANIPULATION OF BLOOD AND BLOOD COMPONENTS", + "description": "The following are prohibited:" + }, + { + "value": "CHEMICAL AND PHYSICAL MANIPULATION", + "description": "The following are prohibited:" + }, + { + "value": "GENE AND CELL DOPING", + "description": "The following, with the potential to enhance sport performance, are prohibited:" + }, + { + "value": "STIMULANTS", + "description": "Substances of Abuse in this section: cocaine and methylenedioxymethamphetamine (MDMA / “ecstasy”)." + }, + { + "value": "NARCOTICS", + "description": "The following narcotics, including all optical isomers, e.g. d- and l- where relevant, are prohibited." + }, + { + "value": "CANNABINOIDS", + "description": " " + }, + { + "value": "GLUCOCORTICOIDS", + "description": "\nAll glucocorticoids are prohibited when administered by any injectable, oral [including oromucosal (e.g. buccal, gingival, sublingual)] or rectal route." + }, + { + "value": "BETA-BLOCKERS", + "description": "Beta-blockers are prohibited In-Competition only, in the following sports, and also prohibited Out-of-Competition where indicated (*)." + } + ], + "values": [ + { + "predicate": "ANABOLIC AGENTS", + "entry": [ + { + "value": "1-Androstenediol (5α-androst-1-ene-3β, 17β-diol)" + }, + { + "value": "1-Androstenedione (5α-androst-1-ene-3, 17-dione)" + }, + { + "value": "1-Androsterone (3α-hydroxy-5α-androst-1- ene-17-one)" + }, + { + "value": "1-Epiandrosterone (3β-hydroxy-5α-androst- 1-ene-17-one)" + }, + { + "value": "1-Testosterone (17β-hydroxy-5α-androst-1- en-3-one)" + }, + { + "value": "4-Androstenediol (androst-4-ene-3β,17β- diol)" + }, + { + "value": "4-Hydroxytestosterone (4,17β-dihydroxyandrost-4-en-3-one)" + }, + { + "value": "5-Androstenedione (androst-5-ene-3,17- dione)" + }, + { + "value": "7α-hydroxy-DHEA" + }, + { + "value": "7β-hydroxy-DHEA" + }, + { + "value": "7-Keto-DHEA" + }, + { + "value": "17α-methylepithiostanol (epistane)" + }, + { + "value": "19-Norandrostenediol  (estr-4-ene-3,17-diol)" + }, + { + "value": "19-Norandrostenedione (estr-4-ene-3,17- dione)" + }, + { + "value": "Androst-4-ene-3,11,17-trione (11-ketoandrostenedione, adrenosterone)" + }, + { + "value": "Androstanolone (5α-dihydrotestosterone, 17β-hydroxy-5α-androstan-3-one)" + }, + { + "value": "Androstenediol (androst-5-ene-3β,17β-diol)" + }, + { + "value": "Androstenedione (androst-4-ene-3,17- dione)" + }, + { + "value": "Bolasterone" + }, + { + "value": "Boldenone" + }, + { + "value": "Boldione (androsta-1,4-diene-3,17-dione)" + }, + { + "value": "Calusterone" + }, + { + "value": "Clostebol" + }, + { + "value": "Danazol ([1,2]oxazolo[4’,5’:2,3]pregna-4-en- 20-yn-17α-ol)" + }, + { + "value": "Dehydrochlormethyltestosterone (4-chloro- 17β-hydroxy-17α-methylandrosta-1,4-dien- 3-one)" + }, + { + "value": "Desoxymethyltestosterone (17α-methyl-5α- androst-2-en-17β-ol and 17α-methyl-5α- androst-3-en-17β-ol)" + }, + { + "value": "Drostanolone" + }, + { + "value": "Epiandrosterone (3β-hydroxy-5α-androstan- 17-one)" + }, + { + "value": "Epi-dihydrotestosterone (17β-hydroxy-5β- androstan-3-one)" + }, + { + "value": "Epitestosterone" + }, + { + "value": "Ethylestrenol  (19-norpregna-4-en-17α-ol)" + }, + { + "value": "Fluoxymesterone" + }, + { + "value": "Formebolone" + }, + { + "value": "Furazabol (17α-methyl [1,2,5] oxadiazolo[3’,4’:2,3]-5α-androstan-17β-ol)" + }, + { + "value": "Gestrinone" + }, + { + "value": "Mestanolone" + }, + { + "value": "Mesterolone" + }, + { + "value": "Metandienone (17β-hydroxy-17α- methylandrosta-1,4-dien-3-one)" + }, + { + "value": "Metenolone" + }, + { + "value": "Methandriol" + }, + { + "value": "Methasterone (17β-hydroxy-2α,17α- dimethyl-5α-androstan-3-one)" + }, + { + "value": "Methyl-1-testosterone (17β-hydroxy-17α- methyl-5α-androst-1-en-3-one)" + }, + { + "value": "Methylclostebol" + }, + { + "value": "Methyldienolone (17β-hydroxy-17α- methylestra-4,9-dien-3-one)" + }, + { + "value": "Methylnortestosterone (17β-hydroxy-17α- methylestr-4-en-3-one)" + }, + { + "value": "Methyltestosterone" + }, + { + "value": "Metribolone (methyltrienolone, 17β-hydroxy- 17α-methylestra-4,9,11-trien-3-one)" + }, + { + "value": "Mibolerone" + }, + { + "value": "Nandrolone (19-nortestosterone)" + }, + { + "value": "Norboletone" + }, + { + "value": "Norclostebol (4-chloro-17β-ol-estr-4-en-3- one)" + }, + { + "value": "Norethandrolone" + }, + { + "value": "Oxabolone" + }, + { + "value": "Oxandrolone" + }, + { + "value": "Oxymesterone" + }, + { + "value": "Oxymetholone" + }, + { + "value": "Prasterone (dehydroepiandrosterone, DHEA, 3β-hydroxyandrost-5-en-17-one)" + }, + { + "value": "Prostanozol (17β-[(tetrahydropyran-2-yl) oxy]-1’H-pyrazolo[3,4:2,3]-5α-androstane)" + }, + { + "value": "Quinbolone" + }, + { + "value": "Stanozolol" + }, + { + "value": "Stenbolone" + }, + { + "value": "Testosterone" + }, + { + "value": "Tetrahydrogestrinone (17-hydroxy-18a- homo-19-nor-17α-pregna-4,9,11-trien-3- one)" + }, + { + "value": "Tibolone" + }, + { + "value": "Trenbolone (17β-hydroxyestr-4,9,11-trien-3- one)\n\tand other substances with a similar chemical structure or similar biological effect(s)." + }, + { + "value": "Clenbuterol" + }, + { + "value": "Osilodrostat" + }, + { + "value": "Ractopamine" + }, + { + "value": "Selective androgen receptor modulators [SARMs, e.g. andarine, enobosarm (ostarine), LGD-4033 (ligandrol), RAD140, S-23 and YK-11]" + }, + { + "value": "Zeranol" + }, + { + "value": "Zilpaterol" + } + ] + }, + { + "predicate": "PEPTIDE HORMONES, GROWTH FACTORS, RELATED SUBSTANCES AND MIMETICS", + "entry": [ + { + "value": "Darbepoetins (dEPO)" + }, + { + "value": "Erythropoietins (EPO)" + }, + { + "value": "EPO-based constructs [e.g. EPO-Fc, methoxy polyethylene glycol-epoetin beta (CERA)]" + }, + { + "value": "EPO-mimetic agents and their constructs (e.g. CNTO-530, peginesatide)" + }, + { + "value": "Cobalt" + }, + { + "value": "Daprodustat (GSK1278863)" + }, + { + "value": "IOX2" + }, + { + "value": "Molidustat (BAY 85-3934)" + }, + { + "value": "Roxadustat (FG-4592)" + }, + { + "value": "Vadadustat (AKB-6548)" + }, + { + "value": "Xenon" + }, + { + "value": "K-11706" + }, + { + "value": "Luspatercept" + }, + { + "value": "Sotatercept" + }, + { + "value": "Asialo EPO" + }, + { + "value": "Carbamylated EPO (CEPO)" + }, + { + "value": "Buserelin " + }, + { + "value": "Deslorelin" + }, + { + "value": "Gonadorelin" + }, + { + "value": "Goserelin" + }, + { + "value": "Leuprorelin" + }, + { + "value": "Nafarelin" + }, + { + "value": "Triptorelin" + }, + { + "value": "Corticorelin" + }, + { + "value": "growth hormone analogues, e.g. lonapegsomatropin, somapacitan and somatrogon" + }, + { + "value": "growth hormone fragments, e.g. AOD-9604 and hGH 176-191" + }, + { + "value": "growth hormone-releasing hormone (GHRH) and its analogues (e.g. CJC-1293, CJC-1295, sermorelin and tesamorelin)" + }, + { + "value": "growth hormone secretagogues (GHS) and their mimetics [e.g. lenomorelin (ghrelin), anamorelin, ipamorelin, macimorelin and tabimorelin]" + }, + { + "value": "GH-releasing peptides (GHRPs) [e.g. alexamorelin, GHRP-1, GHRP-2 (pralmorelin), GHRP-3, GHRP-4, GHRP-5, GHRP-6, and examorelin (hexarelin)]" + }, + { + "value": "Fibroblast growth factors (FGFs)" + }, + { + "value": "Hepatocyte growth factor (HGF)" + }, + { + "value": "Insulin-like growth factor 1 (IGF-1) and its analogues" + }, + { + "value": "Mechano growth factors (MGFs)" + }, + { + "value": "Platelet-derived growth factor (PDGF)" + }, + { + "value": "Thymosin-β4 and its derivatives e.g. TB-500" + }, + { + "value": "Vascular endothelial growth factor (VEGF)\n\tand other growth factors or growth factor modulators affecting muscle, tendon or ligament protein synthesis/degradation, vascularisation, energy utilization, regenerative capacity or fibre type switching." + } + ] + }, + { + "predicate": "BETA-2 AGONISTS", + "entry": [ + { + "value": "Arformoterol" + }, + { + "value": "Fenoterol" + }, + { + "value": "Formoterol" + }, + { + "value": "Higenamine" + }, + { + "value": "Indacaterol" + }, + { + "value": "Levosalbutamol" + }, + { + "value": "Olodaterol" + }, + { + "value": "Procaterol" + }, + { + "value": "Reproterol" + }, + { + "value": "Salbutamol" + }, + { + "value": "Salmeterol" + }, + { + "value": "Terbutaline" + }, + { + "value": "Tretoquinol (trimetoquinol)" + }, + { + "value": "Tulobuterol" + }, + { + "value": "Vilanterol" + }, + { + "value": "Inhaled salbutamol: maximum 1600 micrograms over 24 hours in divided doses not to exceed 600 micrograms over 8 hours starting from any dose" + }, + { + "value": "Inhaled formoterol: maximum delivered dose of 54 micrograms over 24 hours" + }, + { + "value": "Inhaled salmeterol: maximum 200 micrograms over 24 hours" + }, + { + "value": "Inhaled vilanterol: maximum 25 micrograms over 24 hours" + } + ] + }, + { + "predicate": "HORMONE AND METABOLIC MODULATORS", + "entry": [ + { + "value": "2-Androstenol  (5α-androst-2-en-17-ol)" + }, + { + "value": "2-Androstenone (5α-androst-2-en-17-one)" + }, + { + "value": "3-Androstenol  (5α-androst-3-en-17-ol)" + }, + { + "value": "3-Androstenone (5α-androst-3-en-17-one)" + }, + { + "value": "4-Androstene-3,6,17 trione (6-oxo)" + }, + { + "value": "Aminoglutethimide" + }, + { + "value": "Anastrozole" + }, + { + "value": "Androsta-1,4,6-triene-3,17-dione (androstatrienedione)" + }, + { + "value": "Androsta-3,5-diene-7,17-dione (arimistane)" + }, + { + "value": "Exemestane" + }, + { + "value": "Formestane" + }, + { + "value": "Letrozole" + }, + { + "value": "Testolactone" + }, + { + "value": "Bazedoxifene" + }, + { + "value": "Clomifene" + }, + { + "value": "Cyclofenil" + }, + { + "value": "Fulvestrant" + }, + { + "value": "Ospemifene" + }, + { + "value": "Raloxifene" + }, + { + "value": "Tamoxifen" + }, + { + "value": "Toremifene" + }, + { + "value": "Activin A-neutralizing antibodies" + }, + { + "value": "Activin receptor IIB competitors such as: \nDecoy activin receptors (e.g. ACE-031)\n" + }, + { + "value": "Decoy activin receptors (e.g. ACE-031)" + }, + { + "value": "Anti-activin receptor IIB antibodies (e.g. bimagrumab)" + }, + { + "value": "Myostatin inhibitors such as:\nAgents reducing or ablating myostatin expression\nMyostatin-binding proteins (e.g. follistatin, myostatin propeptide)\nMyostatin- or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)\n" + }, + { + "value": "Agents reducing or ablating myostatin expression" + }, + { + "value": "Myostatin-binding proteins (e.g. follistatin, myostatin propeptide)" + }, + { + "value": "Myostatin- or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)" + } + ] + }, + { + "predicate": "DIURETICS AND MASKING AGENTS", + "entry": [ + { + "value": "Desmopressin; probenecid; plasma expanders, e.g. intravenous administration of albumin, dextran, hydroxyethyl starch and mannitol." + }, + { + "value": "Acetazolamide; amiloride; bumetanide; canrenone; chlortalidone; etacrynic acid; furosemide; indapamide; metolazone; spironolactone; thiazides, e.g. bendroflumethiazide, chlorothiazide and hydrochlorothiazide; torasemide; triamterene and vaptans, e.g. tolvaptan." + }, + { + "value": "Drospirenone; pamabrom; and topical ophthalmic administration of carbonic anhydrase inhibitors (e.g. dorzolamide, brinzolamide)" + }, + { + "value": "Local administration of felypressin in dental anaesthesia" + } + ] + }, + { + "predicate": "STIMULANTS", + "entry": [ + { + "value": "Adrafinil" + }, + { + "value": "Amfepramone" + }, + { + "value": "Amfetamine" + }, + { + "value": "Amfetaminil" + }, + { + "value": "Amiphenazole" + }, + { + "value": "Benfluorex" + }, + { + "value": "Benzylpiperazine" + }, + { + "value": "Bromantan" + }, + { + "value": "Clobenzorex" + }, + { + "value": "Cocaine" + }, + { + "value": "Cropropamide" + }, + { + "value": "Crotetamide" + }, + { + "value": "Fencamine" + }, + { + "value": "Fenetylline" + }, + { + "value": "Fenfluramine" + }, + { + "value": "Fenproporex" + }, + { + "value": "Fonturacetam [4-phenylpiracetam (carphedon)]" + }, + { + "value": "Furfenorex" + }, + { + "value": "Lisdexamfetamine" + }, + { + "value": "Mefenorex" + }, + { + "value": "Mephentermine" + }, + { + "value": "Mesocarb" + }, + { + "value": "Metamfetamine(d-)" + }, + { + "value": "p-methylamfetamine" + }, + { + "value": "Modafinil" + }, + { + "value": "Norfenfluramine" + }, + { + "value": "Phendimetrazine" + }, + { + "value": "Phentermine" + }, + { + "value": "Prenylamine" + }, + { + "value": "Prolintane" + }, + { + "value": "3-Methylhexan-2-amine (1,2-dimethylpentylamine)" + }, + { + "value": "4-fluoromethylphenidate" + }, + { + "value": "4-Methylhexan-2-amine (methylhexaneamine, 1,3-dimethylamylamine, 1,3 DMAA)" + }, + { + "value": "4-Methylpentan-2-amine (1,3-dimethylbutylamine)" + }, + { + "value": "5-Methylhexan-2-amine (1,4-dimethylpentylamine, 1,4-dimethylamylamine, 1,4-DMAA)" + }, + { + "value": "Benzfetamine" + }, + { + "value": "Cathine**" + }, + { + "value": "Cathinone and its analogues, e.g. mephedrone, methedrone, and α - pyrrolidinovalerophenone" + }, + { + "value": "Dimetamfetamine (dimethylamphetamine)" + }, + { + "value": "Ephedrine***" + }, + { + "value": "Epinephrine**** (adrenaline)" + }, + { + "value": "Etamivan" + }, + { + "value": "Ethylphenidate" + }, + { + "value": "Etilamfetamine" + }, + { + "value": "Etilefrine" + }, + { + "value": "Famprofazone" + }, + { + "value": "Fenbutrazate" + }, + { + "value": "Fencamfamin" + }, + { + "value": "Heptaminol" + }, + { + "value": "Hydrafinil (fluorenol)" + }, + { + "value": "Hydroxyamfetamine (parahydroxyamphetamine)" + }, + { + "value": "Isometheptene" + }, + { + "value": "Levmetamfetamine" + }, + { + "value": "Meclofenoxate" + }, + { + "value": "Methylenedioxymetham- phetamine" + }, + { + "value": "Methylephedrine***" + }, + { + "value": "Methylnaphthidate [((±)-methyl-2-(naphthalen-2-yl)-2-(piperidin-2-yl)acetate]" + }, + { + "value": "Methylphenidate" + }, + { + "value": "Nikethamide" + }, + { + "value": "Norfenefrine" + }, + { + "value": "Octodrine (1,5-dimethylhex- ylamine)" + }, + { + "value": "Octopamine" + }, + { + "value": "Oxilofrine (methylsynephrine)" + }, + { + "value": "Pemoline" + }, + { + "value": "Pentetrazol" + }, + { + "value": "Phenethylamine and its derivatives" + }, + { + "value": "Phenmetrazine" + }, + { + "value": "Phenpromethamine" + }, + { + "value": "Propylhexedrine" + }, + { + "value": "Pseudoephedrine*****" + }, + { + "value": "Selegiline" + }, + { + "value": "Sibutramine" + }, + { + "value": "Solriamfetol" + }, + { + "value": "Strychnine" + }, + { + "value": "Tenamfetamine (methylenedioxyamphet- amine)" + }, + { + "value": "Tuaminoheptane" + }, + { + "value": "Clonidine" + }, + { + "value": "Imidazole derivatives for dermatological, nasal, ophthalmic or otic use (e.g. brimonidine, clonazoline, fenoxazoline, indanazoline, naphazoline, oxymetazoline, tetryzoline, xylometazoline) and those stimulants included in the 2023 Monitoring Program*" + } + ] + }, + { + "predicate": "NARCOTICS", + "entry": [ + { + "value": "Buprenorphine" + }, + { + "value": "Dextromoramide" + }, + { + "value": "Diamorphine (heroin)" + }, + { + "value": "Fentanyl and its derivatives" + }, + { + "value": "Hydromorphone" + }, + { + "value": "Methadone" + }, + { + "value": "Morphine" + }, + { + "value": "Nicomorphine" + }, + { + "value": "Oxycodone" + }, + { + "value": "Oxymorphone" + }, + { + "value": "Pentazocine" + }, + { + "value": "Pethidine" + } + ] + }, + { + "predicate": "CANNABINOIDS", + "entry": [ + { + "value": "In cannabis (hashish, marijuana) and cannabis products" + }, + { + "value": "Synthetic cannabinoids that mimic the effects of THC" + }, + { + "value": "Natural and synthetic tetrahydrocannabinols (THCs)" + }, + { + "value": "Cannabidiol" + } + ] + }, + { + "predicate": "GLUCOCORTICOIDS", + "entry": [ + { + "value": "Beclometasone" + }, + { + "value": "Betamethasone" + }, + { + "value": "Budesonide" + }, + { + "value": "Ciclesonide" + }, + { + "value": "Cortisone" + }, + { + "value": "Deflazacort" + }, + { + "value": "Dexamethasone" + }, + { + "value": "Flucortolone" + }, + { + "value": "Flunisolide" + }, + { + "value": "Fluticasone" + }, + { + "value": "Hydrocortisone" + }, + { + "value": "Methylprednisolone" + }, + { + "value": "Mometasone" + }, + { + "value": "Prednisolone" + }, + { + "value": "Prednisone" + }, + { + "value": "Triamcinolone acetonide" + } + ] + }, + { + "predicate": "BETA-BLOCKERS", + "entry": [ + { + "value": "Archery (WA)*" + }, + { + "value": "Automobile (FIA)" + }, + { + "value": "Billiards (all disciplines) (WCBS)" + }, + { + "value": "Darts (WDF)" + }, + { + "value": "Golf (IGF)" + }, + { + "value": "Mini-Golf (WMF)" + }, + { + "value": "Shooting (ISSF, IPC)*" + }, + { + "value": "Skiing/Snowboarding (FIS) in ski jumping, freestyle aerials/halfpipe and snowboard halfpipe/big air" + }, + { + "value": "Underwater sports (CMAS)* in all subdisciplines of freediving, spearfishing and target shooting" + }, + { + "value": "Acebutolol" + }, + { + "value": "Alprenolol" + }, + { + "value": "Atenolol" + }, + { + "value": "Betaxolol" + }, + { + "value": "Bisoprolol" + }, + { + "value": "Bunolol" + }, + { + "value": "Carteolol" + }, + { + "value": "Carvedilol" + }, + { + "value": "Celiprolol" + }, + { + "value": "Esmolol" + }, + { + "value": "Labetalol" + }, + { + "value": "Metipranolol" + }, + { + "value": "Metoprolol" + }, + { + "value": "Nadolol" + }, + { + "value": "Nebivolol" + }, + { + "value": "Oxprenolol" + }, + { + "value": "Pindolol" + }, + { + "value": "Propranolol" + }, + { + "value": "Sotalol" + }, + { + "value": "Timolol" + } + ] + } + ] +} \ No newline at end of file From 13951549f371b85c5092af2b7af92deb9eb2e829 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Tue, 17 Oct 2023 23:46:09 +0200 Subject: [PATCH 13/20] chg: [doping-substances] Handmade review of the taxonomy --- doping-substances/machinetag.json | 810 +++++++++++++++++------------- 1 file changed, 466 insertions(+), 344 deletions(-) diff --git a/doping-substances/machinetag.json b/doping-substances/machinetag.json index daf66fc..f700b9e 100644 --- a/doping-substances/machinetag.json +++ b/doping-substances/machinetag.json @@ -5,1002 +5,1124 @@ "expanded": "Doping substances", "predicates": [ { - "value": "ANABOLIC AGENTS", + "value": "anabolic agents", "description": "Anabolic agents are prohibited." }, { - "value": "PEPTIDE HORMONES, GROWTH FACTORS, RELATED SUBSTANCES AND MIMETICS", - "description": "The following substances, and other substances with similar chemical structure or similar biological effect(s), are prohibited:" + "value": "peptide hormones, growth factors, related substances and mimetics", + "description": "The following substances, and other substances with similar chemical structure or similar biological effect(s), are prohibited." }, { - "value": "BETA-2 AGONISTS", + "value": "beta-2 agonists", "description": "All selective and non-selective beta-2 agonists, including all optical isomers, are prohibited." }, { - "value": "HORMONE AND METABOLIC MODULATORS", + "value": "hormone and metabolic modulators", "description": "The following hormone and metabolic modulators are prohibited." }, { - "value": "DIURETICS AND MASKING AGENTS", - "description": "All diuretics and masking agents, including all optical isomers, e.g. d- and l- where relevant,\nare prohibited." + "value": "diuretics and masking agents", + "description": "All diuretics and masking agents, including all optical isomers, e.g. d- and l- where relevant, are prohibited." }, { - "value": "MANIPULATION OF BLOOD AND BLOOD COMPONENTS", - "description": "The following are prohibited:" + "value": "manipulation of blood and blood components", + "description": "The following are prohibited" }, { - "value": "CHEMICAL AND PHYSICAL MANIPULATION", - "description": "The following are prohibited:" + "value": "chemical and physical manipulation", + "description": "The following are prohibited" }, { - "value": "GENE AND CELL DOPING", - "description": "The following, with the potential to enhance sport performance, are prohibited:" + "value": "gene and cell doping", + "description": "The following, with the potential to enhance sport performance, are prohibited" }, { - "value": "STIMULANTS", + "value": "stimulants", "description": "Substances of Abuse in this section: cocaine and methylenedioxymethamphetamine (MDMA / “ecstasy”)." }, { - "value": "NARCOTICS", + "value": "narcotics", "description": "The following narcotics, including all optical isomers, e.g. d- and l- where relevant, are prohibited." }, { - "value": "CANNABINOIDS", - "description": " " + "value": "cannabinoids" }, { - "value": "GLUCOCORTICOIDS", - "description": "\nAll glucocorticoids are prohibited when administered by any injectable, oral [including oromucosal (e.g. buccal, gingival, sublingual)] or rectal route." + "value": "glucocorticoids", + "description": "All glucocorticoids are prohibited when administered by any injectable, oral [including oromucosal (e.g. buccal, gingival, sublingual)] or rectal route." }, { - "value": "BETA-BLOCKERS", + "value": "beta-blockers", "description": "Beta-blockers are prohibited In-Competition only, in the following sports, and also prohibited Out-of-Competition where indicated (*)." } ], "values": [ { - "predicate": "ANABOLIC AGENTS", + "predicate": "anabolic agents", "entry": [ { - "value": "1-Androstenediol (5α-androst-1-ene-3β, 17β-diol)" + "value": "1-androstenediol", + "expanded": "1-androstenediol (5α-androst-1-ene-3β, 17β-diol)" }, { - "value": "1-Androstenedione (5α-androst-1-ene-3, 17-dione)" + "value": "1-androstenedione", + "expanded": "1-androstenedione (5α-androst-1-ene-3, 17-dione)" }, { - "value": "1-Androsterone (3α-hydroxy-5α-androst-1- ene-17-one)" + "value": "1-androsterone", + "expanded": "1-androsterone (3α-hydroxy-5α-androst-1-ene-17-one)" }, { - "value": "1-Epiandrosterone (3β-hydroxy-5α-androst- 1-ene-17-one)" + "value": "1-epiandrosterone", + "expanded": "1-epiandrosterone (3β-hydroxy-5α-androst-1-ene-17-one)" }, { - "value": "1-Testosterone (17β-hydroxy-5α-androst-1- en-3-one)" + "value": "1-testosterone", + "expanded": "1-testosterone (17β-hydroxy-5α-androst-1-en-3-one)" }, { - "value": "4-Androstenediol (androst-4-ene-3β,17β- diol)" + "value": "4-androstenediol", + "expanded": "4-androstenediol (androst-4-ene-3β,17β-diol)" }, { - "value": "4-Hydroxytestosterone (4,17β-dihydroxyandrost-4-en-3-one)" + "value": "4-hydroxytestosterone", + "expanded": "4-hydroxytestosterone (4,17β-dihydroxyandrost-4-en-3-one)" }, { - "value": "5-Androstenedione (androst-5-ene-3,17- dione)" + "value": "5-androstenedione", + "expanded": "5-androstenedione (androst-5-ene-3,17-dione)" }, { - "value": "7α-hydroxy-DHEA" + "value": "7α-hydroxy-dhea" }, { - "value": "7β-hydroxy-DHEA" + "value": "7β-hydroxy-dhea" }, { - "value": "7-Keto-DHEA" + "value": "7-keto-dhea" }, { - "value": "17α-methylepithiostanol (epistane)" + "value": "17α-methylepithiostanol", + "expanded": "17α-methylepithiostanol (epistane)" }, { - "value": "19-Norandrostenediol  (estr-4-ene-3,17-diol)" + "value": "19-norandrostenediol", + "expanded": "19-norandrostenediol  (estr-4-ene-3,17-diol)" }, { - "value": "19-Norandrostenedione (estr-4-ene-3,17- dione)" + "value": "19-norandrostenedione", + "expanded": "19-norandrostenedione (estr-4-ene-3,17-dione)" }, { - "value": "Androst-4-ene-3,11,17-trione (11-ketoandrostenedione, adrenosterone)" + "value": "androst-4-ene-3,11,17-trione", + "expanded": "androst-4-ene-3,11,17-trione (11-ketoandrostenedione, adrenosterone)" }, { - "value": "Androstanolone (5α-dihydrotestosterone, 17β-hydroxy-5α-androstan-3-one)" + "value": "androstanolone", + "expanded": "androstanolone (5α-dihydrotestosterone, 17β-hydroxy-5α-androstan-3-one)" }, { - "value": "Androstenediol (androst-5-ene-3β,17β-diol)" + "value": "androstenediol", + "expanded": "androstenediol (androst-5-ene-3β,17β-diol)" }, { - "value": "Androstenedione (androst-4-ene-3,17- dione)" + "value": "androstenedione", + "expanded": "androstenedione (androst-4-ene-3,17-dione)" }, { - "value": "Bolasterone" + "value": "bolasterone" }, { - "value": "Boldenone" + "value": "boldenone" }, { - "value": "Boldione (androsta-1,4-diene-3,17-dione)" + "value": "boldione", + "expanded": "boldione (androsta-1,4-diene-3,17-dione)" }, { - "value": "Calusterone" + "value": "calusterone" }, { - "value": "Clostebol" + "value": "clostebol" }, { - "value": "Danazol ([1,2]oxazolo[4’,5’:2,3]pregna-4-en- 20-yn-17α-ol)" + "value": "danazol", + "expanded": "danazol ([1,2]oxazolo[4’,5’:2,3]pregna-4-en-20-yn-17α-ol)" }, { - "value": "Dehydrochlormethyltestosterone (4-chloro- 17β-hydroxy-17α-methylandrosta-1,4-dien- 3-one)" + "value": "dehydrochlormethyltestosterone", + "expanded": "dehydrochlormethyltestosterone (4-chloro-17β-hydroxy-17α-methylandrosta-1,4-dien-3-one)" }, { - "value": "Desoxymethyltestosterone (17α-methyl-5α- androst-2-en-17β-ol and 17α-methyl-5α- androst-3-en-17β-ol)" + "value": "desoxymethyltestosterone", + "expanded": "desoxymethyltestosterone (17α-methyl-5α-androst-2-en-17β-ol and 17α-methyl-5α-androst-3-en-17β-ol)" }, { - "value": "Drostanolone" + "value": "drostanolone" }, { - "value": "Epiandrosterone (3β-hydroxy-5α-androstan- 17-one)" + "value": "epiandrosterone", + "expanded": "epiandrosterone (3β-hydroxy-5α-androstan-17-one)" }, { - "value": "Epi-dihydrotestosterone (17β-hydroxy-5β- androstan-3-one)" + "value": "epi-dihydrotestosterone", + "expanded": "epi-dihydrotestosterone (17β-hydroxy-5β-androstan-3-one)" }, { - "value": "Epitestosterone" + "value": "epitestosterone" }, { - "value": "Ethylestrenol  (19-norpregna-4-en-17α-ol)" + "value": "ethylestrenol", + "expanded": "ethylestrenol  (19-norpregna-4-en-17α-ol)" }, { - "value": "Fluoxymesterone" + "value": "fluoxymesterone" }, { - "value": "Formebolone" + "value": "formebolone" }, { - "value": "Furazabol (17α-methyl [1,2,5] oxadiazolo[3’,4’:2,3]-5α-androstan-17β-ol)" + "value": "furazabol", + "expanded": "furazabol (17α-methyl [1,2,5] oxadiazolo[3’,4’:2,3]-5α-androstan-17β-ol)" }, { - "value": "Gestrinone" + "value": "gestrinone" }, { - "value": "Mestanolone" + "value": "mestanolone" }, { - "value": "Mesterolone" + "value": "mesterolone" }, { - "value": "Metandienone (17β-hydroxy-17α- methylandrosta-1,4-dien-3-one)" + "value": "metandienone", + "expanded": "metandienone (17β-hydroxy-17α- methylandrosta-1,4-dien-3-one)" }, { - "value": "Metenolone" + "value": "metenolone" }, { - "value": "Methandriol" + "value": "methandriol" }, { - "value": "Methasterone (17β-hydroxy-2α,17α- dimethyl-5α-androstan-3-one)" + "value": "methasterone", + "expanded": "methasterone (17β-hydroxy-2α,17α- dimethyl-5α-androstan-3-one)" }, { - "value": "Methyl-1-testosterone (17β-hydroxy-17α- methyl-5α-androst-1-en-3-one)" + "value": "methyl-1-testosterone", + "expanded": "methyl-1-testosterone (17β-hydroxy-17α- methyl-5α-androst-1-en-3-one)" }, { - "value": "Methylclostebol" + "value": "methylclostebol" }, { - "value": "Methyldienolone (17β-hydroxy-17α- methylestra-4,9-dien-3-one)" + "value": "methyldienolone", + "expanded": "methyldienolone (17β-hydroxy-17α- methylestra-4,9-dien-3-one)" }, { - "value": "Methylnortestosterone (17β-hydroxy-17α- methylestr-4-en-3-one)" + "value": "methylnortestosterone", + "expanded": "methylnortestosterone (17β-hydroxy-17α- methylestr-4-en-3-one)" }, { - "value": "Methyltestosterone" + "value": "methyltestosterone" }, { - "value": "Metribolone (methyltrienolone, 17β-hydroxy- 17α-methylestra-4,9,11-trien-3-one)" + "value": "metribolone", + "expanded": "metribolone (methyltrienolone, 17β-hydroxy- 17α-methylestra-4,9,11-trien-3-one)" }, { - "value": "Mibolerone" + "value": "mibolerone" }, { - "value": "Nandrolone (19-nortestosterone)" + "value": "nandrolone", + "expanded": "nandrolone (19-nortestosterone)" }, { - "value": "Norboletone" + "value": "norboletone" }, { - "value": "Norclostebol (4-chloro-17β-ol-estr-4-en-3- one)" + "value": "norclostebol", + "expanded": "norclostebol (4-chloro-17β-ol-estr-4-en-3- one)" }, { - "value": "Norethandrolone" + "value": "norethandrolone" }, { - "value": "Oxabolone" + "value": "oxabolone" }, { - "value": "Oxandrolone" + "value": "oxandrolone" }, { - "value": "Oxymesterone" + "value": "oxymesterone" }, { - "value": "Oxymetholone" + "value": "oxymetholone" }, { - "value": "Prasterone (dehydroepiandrosterone, DHEA, 3β-hydroxyandrost-5-en-17-one)" + "value": "prasterone", + "expanded": "prasterone (dehydroepiandrosterone, dhea, 3β-hydroxyandrost-5-en-17-one)" }, { - "value": "Prostanozol (17β-[(tetrahydropyran-2-yl) oxy]-1’H-pyrazolo[3,4:2,3]-5α-androstane)" + "value": "prostanozol", + "expanded": "prostanozol (17β-[(tetrahydropyran-2-yl) oxy]-1’h-pyrazolo[3,4:2,3]-5α-androstane)" }, { - "value": "Quinbolone" + "value": "quinbolone" }, { - "value": "Stanozolol" + "value": "stanozolol" }, { - "value": "Stenbolone" + "value": "stenbolone" }, { - "value": "Testosterone" + "value": "testosterone" }, { - "value": "Tetrahydrogestrinone (17-hydroxy-18a- homo-19-nor-17α-pregna-4,9,11-trien-3- one)" + "value": "tetrahydrogestrinone", + "expanded": "tetrahydrogestrinone (17-hydroxy-18a- homo-19-nor-17α-pregna-4,9,11-trien-3- one)" }, { - "value": "Tibolone" + "value": "tibolone" }, { - "value": "Trenbolone (17β-hydroxyestr-4,9,11-trien-3- one)\n\tand other substances with a similar chemical structure or similar biological effect(s)." + "value": "trenbolone", + "expanded": "trenbolone (17β-hydroxyestr-4,9,11-trien-3-one) and other substances with a similar chemical structure or similar biological effect(s)." }, { - "value": "Clenbuterol" + "value": "clenbuterol" }, { - "value": "Osilodrostat" + "value": "osilodrostat" }, { - "value": "Ractopamine" + "value": "ractopamine" }, { - "value": "Selective androgen receptor modulators [SARMs, e.g. andarine, enobosarm (ostarine), LGD-4033 (ligandrol), RAD140, S-23 and YK-11]" + "value": "selective androgen receptor modulators", + "expanded": "selective androgen receptor modulators [sarms, e.g. andarine, enobosarm (ostarine), lgd-4033 (ligandrol), rad140, s-23 and yk-11]" }, { - "value": "Zeranol" + "value": "zeranol" }, { - "value": "Zilpaterol" + "value": "zilpaterol" } ] }, { - "predicate": "PEPTIDE HORMONES, GROWTH FACTORS, RELATED SUBSTANCES AND MIMETICS", + "predicate": "peptide hormones, growth factors, related substances and mimetics", "entry": [ { - "value": "Darbepoetins (dEPO)" + "value": "darbepoetins", + "expanded": "darbepoetins (depo)" }, { - "value": "Erythropoietins (EPO)" + "value": "erythropoietins", + "expanded": "erythropoietins (epo)" }, { - "value": "EPO-based constructs [e.g. EPO-Fc, methoxy polyethylene glycol-epoetin beta (CERA)]" + "value": "epo-based constructs", + "expanded": "epo-based constructs [e.g. epo-fc, methoxy polyethylene glycol-epoetin beta (cera)]" }, { - "value": "EPO-mimetic agents and their constructs (e.g. CNTO-530, peginesatide)" + "value": "epo-mimetic agents", + "expanded": "epo-mimetic agents and their constructs (e.g. cnto-530, peginesatide)" }, { - "value": "Cobalt" + "value": "cobalt" }, { - "value": "Daprodustat (GSK1278863)" + "value": "daprodustat", + "expanded": "daprodustat (gsk1278863)" }, { - "value": "IOX2" + "value": "iox2" }, { - "value": "Molidustat (BAY 85-3934)" + "value": "molidustat", + "expanded": "molidustat (bay 85-3934)" }, { - "value": "Roxadustat (FG-4592)" + "value": "roxadustat", + "expanded": "roxadustat (fg-4592)" }, { - "value": "Vadadustat (AKB-6548)" + "value": "vadadustat", + "expanded": "vadadustat (akb-6548)" }, { - "value": "Xenon" + "value": "xenon" }, { - "value": "K-11706" + "value": "k-11706" }, { - "value": "Luspatercept" + "value": "luspatercept" }, { - "value": "Sotatercept" + "value": "sotatercept" }, { - "value": "Asialo EPO" + "value": "asialo epo" }, { - "value": "Carbamylated EPO (CEPO)" + "value": "carbamylated epo", + "expanded": "carbamylated epo (cepo)" }, { - "value": "Buserelin " + "value": "buserelin" }, { - "value": "Deslorelin" + "value": "deslorelin" }, { - "value": "Gonadorelin" + "value": "gonadorelin" }, { - "value": "Goserelin" + "value": "goserelin" }, { - "value": "Leuprorelin" + "value": "leuprorelin" }, { - "value": "Nafarelin" + "value": "nafarelin" }, { - "value": "Triptorelin" + "value": "triptorelin" }, { - "value": "Corticorelin" + "value": "corticorelin" }, { "value": "growth hormone analogues, e.g. lonapegsomatropin, somapacitan and somatrogon" }, { - "value": "growth hormone fragments, e.g. AOD-9604 and hGH 176-191" + "value": "growth hormone fragments, e.g. aod-9604 and hgh 176-191" }, { - "value": "growth hormone-releasing hormone (GHRH) and its analogues (e.g. CJC-1293, CJC-1295, sermorelin and tesamorelin)" + "value": "growth hormone-releasing hormone", + "expanded": "growth hormone-releasing hormone (ghrh) and its analogues (e.g. cjc-1293, cjc-1295, sermorelin and tesamorelin)" }, { - "value": "growth hormone secretagogues (GHS) and their mimetics [e.g. lenomorelin (ghrelin), anamorelin, ipamorelin, macimorelin and tabimorelin]" + "value": "growth hormone secretagogues", + "expanded": "growth hormone secretagogues (ghs) and their mimetics [e.g. lenomorelin (ghrelin), anamorelin, ipamorelin, macimorelin and tabimorelin]" }, { - "value": "GH-releasing peptides (GHRPs) [e.g. alexamorelin, GHRP-1, GHRP-2 (pralmorelin), GHRP-3, GHRP-4, GHRP-5, GHRP-6, and examorelin (hexarelin)]" + "value": "gh-releasing peptides", + "expanded": "gh-releasing peptides (ghrps) [e.g. alexamorelin, ghrp-1, ghrp-2 (pralmorelin), ghrp-3, ghrp-4, ghrp-5, ghrp-6, and examorelin (hexarelin)]" }, { - "value": "Fibroblast growth factors (FGFs)" + "value": "fibroblast growth factors", + "expanded": "fibroblast growth factors (fgfs)" }, { - "value": "Hepatocyte growth factor (HGF)" + "value": "hepatocyte growth factor", + "expanded": "hepatocyte growth factor (hgf)" }, { - "value": "Insulin-like growth factor 1 (IGF-1) and its analogues" + "value": "insulin-like growth factor 1", + "expanded": "insulin-like growth factor 1 (igf-1) and its analogues" }, { - "value": "Mechano growth factors (MGFs)" + "value": "mechano growth factors", + "expanded": "mechano growth factors (mgfs)" }, { - "value": "Platelet-derived growth factor (PDGF)" + "value": "platelet-derived growth factor", + "expanded": "platelet-derived growth factor (pdgf)" }, { - "value": "Thymosin-β4 and its derivatives e.g. TB-500" + "value": "thymosin-β4 and its derivatives e.g. tb-500" }, { - "value": "Vascular endothelial growth factor (VEGF)\n\tand other growth factors or growth factor modulators affecting muscle, tendon or ligament protein synthesis/degradation, vascularisation, energy utilization, regenerative capacity or fibre type switching." + "value": "vascular endothelial growth factor", + "expanded": "vascular endothelial growth factor (vegf) and other growth factors or growth factor modulators affecting muscle, tendon or ligament protein synthesis/degradation, vascularisation, energy utilization, regenerative capacity or fibre type switching." } ] }, { - "predicate": "BETA-2 AGONISTS", + "predicate": "beta-2 agonists", "entry": [ { - "value": "Arformoterol" + "value": "arformoterol" }, { - "value": "Fenoterol" + "value": "fenoterol" }, { - "value": "Formoterol" + "value": "formoterol" }, { - "value": "Higenamine" + "value": "higenamine" }, { - "value": "Indacaterol" + "value": "indacaterol" }, { - "value": "Levosalbutamol" + "value": "levosalbutamol" }, { - "value": "Olodaterol" + "value": "olodaterol" }, { - "value": "Procaterol" + "value": "procaterol" }, { - "value": "Reproterol" + "value": "reproterol" }, { - "value": "Salbutamol" + "value": "salbutamol" }, { - "value": "Salmeterol" + "value": "salmeterol" }, { - "value": "Terbutaline" + "value": "terbutaline" }, { - "value": "Tretoquinol (trimetoquinol)" + "value": "tretoquinol", + "expanded": "tretoquinol (trimetoquinol)" }, { - "value": "Tulobuterol" + "value": "tulobuterol" }, { - "value": "Vilanterol" + "value": "vilanterol" }, { - "value": "Inhaled salbutamol: maximum 1600 micrograms over 24 hours in divided doses not to exceed 600 micrograms over 8 hours starting from any dose" + "value": "salbutamol", + "expanded": "inhaled salbutamol: maximum 1600 micrograms over 24 hours in divided doses not to exceed 600 micrograms over 8 hours starting from any dose" }, { - "value": "Inhaled formoterol: maximum delivered dose of 54 micrograms over 24 hours" + "value": "formoterol", + "expanded": "inhaled formoterol: maximum delivered dose of 54 micrograms over 24 hours" }, { - "value": "Inhaled salmeterol: maximum 200 micrograms over 24 hours" + "value": "salmeterol", + "expanded": "inhaled salmeterol: maximum 200 micrograms over 24 hours" }, { - "value": "Inhaled vilanterol: maximum 25 micrograms over 24 hours" + "value": "vilanterol", + "expanded": "inhaled vilanterol: maximum 25 micrograms over 24 hours" } ] }, { - "predicate": "HORMONE AND METABOLIC MODULATORS", + "predicate": "hormone and metabolic modulators", "entry": [ { - "value": "2-Androstenol  (5α-androst-2-en-17-ol)" + "value": "2-androstenol", + "expanded": "2-androstenol  (5α-androst-2-en-17-ol)" }, { - "value": "2-Androstenone (5α-androst-2-en-17-one)" + "value": "2-androstenone", + "expanded": "2-androstenone (5α-androst-2-en-17-one)" }, { - "value": "3-Androstenol  (5α-androst-3-en-17-ol)" + "value": "3-androstenol", + "expanded": "3-androstenol  (5α-androst-3-en-17-ol)" }, { - "value": "3-Androstenone (5α-androst-3-en-17-one)" + "value": "3-androstenone", + "expanded": "3-androstenone (5α-androst-3-en-17-one)" }, { - "value": "4-Androstene-3,6,17 trione (6-oxo)" + "value": "4-androstene-3,6,17 trione", + "expanded": "4-androstene-3,6,17 trione (6-oxo)" }, { - "value": "Aminoglutethimide" + "value": "aminoglutethimide" }, { - "value": "Anastrozole" + "value": "anastrozole" }, { - "value": "Androsta-1,4,6-triene-3,17-dione (androstatrienedione)" + "value": "androsta-1,4,6-triene-3,17-dione", + "expanded": "androsta-1,4,6-triene-3,17-dione (androstatrienedione)" }, { - "value": "Androsta-3,5-diene-7,17-dione (arimistane)" + "value": "androsta-3,5-diene-7,17-dione", + "expanded": "androsta-3,5-diene-7,17-dione (arimistane)" }, { - "value": "Exemestane" + "value": "exemestane" }, { - "value": "Formestane" + "value": "formestane" }, { - "value": "Letrozole" + "value": "letrozole" }, { - "value": "Testolactone" + "value": "testolactone" }, { - "value": "Bazedoxifene" + "value": "bazedoxifene" }, { - "value": "Clomifene" + "value": "clomifene" }, { - "value": "Cyclofenil" + "value": "cyclofenil" }, { - "value": "Fulvestrant" + "value": "fulvestrant" }, { - "value": "Ospemifene" + "value": "ospemifene" }, { - "value": "Raloxifene" + "value": "raloxifene" }, { - "value": "Tamoxifen" + "value": "tamoxifen" }, { - "value": "Toremifene" + "value": "toremifene" }, { - "value": "Activin A-neutralizing antibodies" + "value": "activin a-neutralizing antibodies" }, { - "value": "Activin receptor IIB competitors such as: \nDecoy activin receptors (e.g. ACE-031)\n" + "value": "activin receptor iib competitors", + "expanded": "activin receptor iib competitors such as: decoy activin receptors (e.g. ace-031)" }, { - "value": "Decoy activin receptors (e.g. ACE-031)" + "value": "decoy activin receptors", + "expanded": "decoy activin receptors (e.g. ace-031)" }, { - "value": "Anti-activin receptor IIB antibodies (e.g. bimagrumab)" + "value": "anti-activin receptor iib antibodies", + "expanded": "anti-activin receptor iib antibodies (e.g. bimagrumab)" }, { - "value": "Myostatin inhibitors such as:\nAgents reducing or ablating myostatin expression\nMyostatin-binding proteins (e.g. follistatin, myostatin propeptide)\nMyostatin- or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)\n" + "value": "myostatin inhibitors", + "expanded": "myostatin inhibitors such as: agents reducing or ablating myostatin expression myostatin-binding proteins (e.g. follistatin, myostatin propeptide) myostatin- or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)" }, { - "value": "Agents reducing or ablating myostatin expression" + "value": "agents reducing or ablating myostatin expression" }, { - "value": "Myostatin-binding proteins (e.g. follistatin, myostatin propeptide)" + "value": "myostatin-binding proteins", + "expanded": "myostatin-binding proteins (e.g. follistatin, myostatin propeptide)" }, { - "value": "Myostatin- or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)" + "value": "myostatini - or precursor - neutralizing  antibodies", + "expanded": "myostatin - or precursor - neutralizing  antibodies (e.g. apitegromab, domagrozumab, landogrozumab, stamulumab)" } ] }, { - "predicate": "DIURETICS AND MASKING AGENTS", + "predicate": "diuretics and masking agents", "entry": [ { - "value": "Desmopressin; probenecid; plasma expanders, e.g. intravenous administration of albumin, dextran, hydroxyethyl starch and mannitol." + "value": "desmopressin" }, { - "value": "Acetazolamide; amiloride; bumetanide; canrenone; chlortalidone; etacrynic acid; furosemide; indapamide; metolazone; spironolactone; thiazides, e.g. bendroflumethiazide, chlorothiazide and hydrochlorothiazide; torasemide; triamterene and vaptans, e.g. tolvaptan." + "value": "probenecid" }, { - "value": "Drospirenone; pamabrom; and topical ophthalmic administration of carbonic anhydrase inhibitors (e.g. dorzolamide, brinzolamide)" + "value": "plasma expanders", + "expanded": "plasma expanders, e.g. intravenous administration of albumin, dextran, hydroxyethyl starch and mannitol." }, { - "value": "Local administration of felypressin in dental anaesthesia" + "value": "acetazolamide" + }, + { + "value": "amiloride" + }, + { + "value": "bumetanide" + }, + { + "value": "canrenone" + }, + { + "value": "chlortalidone" + }, + { + "value": "etacrynic acid" + }, + { + "value": "furosemide" + }, + { + "value": "indapamide" + }, + { + "value": "metolazone" + }, + { + "value": "spironolactone" + }, + { + "value": "thiazides", + "expanded": "thiazides, e.g. bendroflumethiazide, chlorothiazide and hydrochlorothiazide" + }, + { + "value": "torasemide" + }, + { + "value": "triamterene" + }, + { + "value": "vaptans" + }, + { + "value": "vaptans, e.g. tolvaptan." + }, + { + "value": "drospirenone" + }, + { + "value": "pamabrom" + }, + { + "value": "carbonic anhydrase inhibitors", + "expanded": "topical ophthalmic administration of carbonic anhydrase inhibitors (e.g. dorzolamide, brinzolamide)" + }, + { + "value": "felypressin", + "expanded": "local administration of felypressin in dental anaesthesia" } ] }, { - "predicate": "STIMULANTS", + "predicate": "stimulants", "entry": [ { - "value": "Adrafinil" + "value": "adrafinil" }, { - "value": "Amfepramone" + "value": "amfepramone" }, { - "value": "Amfetamine" + "value": "amfetamine" }, { - "value": "Amfetaminil" + "value": "amfetaminil" }, { - "value": "Amiphenazole" + "value": "amiphenazole" }, { - "value": "Benfluorex" + "value": "benfluorex" }, { - "value": "Benzylpiperazine" + "value": "benzylpiperazine" }, { - "value": "Bromantan" + "value": "bromantan" }, { - "value": "Clobenzorex" + "value": "clobenzorex" }, { - "value": "Cocaine" + "value": "cocaine" }, { - "value": "Cropropamide" + "value": "cropropamide" }, { - "value": "Crotetamide" + "value": "crotetamide" }, { - "value": "Fencamine" + "value": "fencamine" }, { - "value": "Fenetylline" + "value": "fenetylline" }, { - "value": "Fenfluramine" + "value": "fenfluramine" }, { - "value": "Fenproporex" + "value": "fenproporex" }, { - "value": "Fonturacetam [4-phenylpiracetam (carphedon)]" + "value": "fonturacetam", + "expanded": "fonturacetam [4-phenylpiracetam (carphedon)]" }, { - "value": "Furfenorex" + "value": "furfenorex" }, { - "value": "Lisdexamfetamine" + "value": "lisdexamfetamine" }, { - "value": "Mefenorex" + "value": "mefenorex" }, { - "value": "Mephentermine" + "value": "mephentermine" }, { - "value": "Mesocarb" + "value": "mesocarb" }, { - "value": "Metamfetamine(d-)" + "value": "metamfetamine", + "expanded": "metamfetamine(d-)" }, { "value": "p-methylamfetamine" }, { - "value": "Modafinil" + "value": "modafinil" }, { - "value": "Norfenfluramine" + "value": "norfenfluramine" }, { - "value": "Phendimetrazine" + "value": "phendimetrazine" }, { - "value": "Phentermine" + "value": "phentermine" }, { - "value": "Prenylamine" + "value": "prenylamine" }, { - "value": "Prolintane" + "value": "prolintane" }, { - "value": "3-Methylhexan-2-amine (1,2-dimethylpentylamine)" + "value": "3-methylhexan-2-amine", + "expanded": "3-methylhexan-2-amine (1,2-dimethylpentylamine)" }, { "value": "4-fluoromethylphenidate" }, { - "value": "4-Methylhexan-2-amine (methylhexaneamine, 1,3-dimethylamylamine, 1,3 DMAA)" + "value": "4-methylhexan-2-amine", + "expanded": "4-methylhexan-2-amine (methylhexaneamine, 1,3-dimethylamylamine, 1,3 dmaa)" }, { - "value": "4-Methylpentan-2-amine (1,3-dimethylbutylamine)" + "value": "4-methylpentan-2-amine", + "expanded": "4-methylpentan-2-amine (1,3-dimethylbutylamine)" }, { - "value": "5-Methylhexan-2-amine (1,4-dimethylpentylamine, 1,4-dimethylamylamine, 1,4-DMAA)" + "value": "5-methylhexan-2-amine", + "expanded": "5-methylhexan-2-amine (1,4-dimethylpentylamine, 1,4-dimethylamylamine, 1,4-dmaa)" }, { - "value": "Benzfetamine" + "value": "benzfetamine" }, { - "value": "Cathine**" + "value": "cathine**" }, { - "value": "Cathinone and its analogues, e.g. mephedrone, methedrone, and α - pyrrolidinovalerophenone" + "value": "cathinone and its analogues", + "expanded": "cathinone and its analogues, e.g. mephedrone, methedrone, and α - pyrrolidinovalerophenone" }, { - "value": "Dimetamfetamine (dimethylamphetamine)" + "value": "dimetamfetamine", + "expanded": "dimetamfetamine (dimethylamphetamine)" }, { - "value": "Ephedrine***" + "value": "ephedrine***" }, { - "value": "Epinephrine**** (adrenaline)" + "value": "epinephrine****", + "expanded": "epinephrine**** (adrenaline)" }, { - "value": "Etamivan" + "value": "etamivan" }, { - "value": "Ethylphenidate" + "value": "ethylphenidate" }, { - "value": "Etilamfetamine" + "value": "etilamfetamine" }, { - "value": "Etilefrine" + "value": "etilefrine" }, { - "value": "Famprofazone" + "value": "famprofazone" }, { - "value": "Fenbutrazate" + "value": "fenbutrazate" }, { - "value": "Fencamfamin" + "value": "fencamfamin" }, { - "value": "Heptaminol" + "value": "heptaminol" }, { - "value": "Hydrafinil (fluorenol)" + "value": "hydrafinil", + "expanded": "hydrafinil (fluorenol)" }, { - "value": "Hydroxyamfetamine (parahydroxyamphetamine)" + "value": "hydroxyamfetamine", + "expanded": "hydroxyamfetamine (parahydroxyamphetamine)" }, { - "value": "Isometheptene" + "value": "isometheptene" }, { - "value": "Levmetamfetamine" + "value": "levmetamfetamine" }, { - "value": "Meclofenoxate" + "value": "meclofenoxate" }, { - "value": "Methylenedioxymetham- phetamine" + "value": "methylenedioxymetham- phetamine" }, { - "value": "Methylephedrine***" + "value": "methylephedrine***" }, { - "value": "Methylnaphthidate [((±)-methyl-2-(naphthalen-2-yl)-2-(piperidin-2-yl)acetate]" + "value": "methylnaphthidate", + "expanded": "methylnaphthidate [((±)-methyl-2-(naphthalen-2-yl)-2-(piperidin-2-yl)acetate]" }, { - "value": "Methylphenidate" + "value": "methylphenidate" }, { - "value": "Nikethamide" + "value": "nikethamide" }, { - "value": "Norfenefrine" + "value": "norfenefrine" }, { - "value": "Octodrine (1,5-dimethylhex- ylamine)" + "value": "octodrine", + "expanded": "octodrine (1,5-dimethylhex- ylamine)" }, { - "value": "Octopamine" + "value": "octopamine" }, { - "value": "Oxilofrine (methylsynephrine)" + "value": "oxilofrine", + "expanded": "oxilofrine (methylsynephrine)" }, { - "value": "Pemoline" + "value": "pemoline" }, { - "value": "Pentetrazol" + "value": "pentetrazol" }, { - "value": "Phenethylamine and its derivatives" + "value": "phenethylamine and its derivatives" }, { - "value": "Phenmetrazine" + "value": "phenmetrazine" }, { - "value": "Phenpromethamine" + "value": "phenpromethamine" }, { - "value": "Propylhexedrine" + "value": "propylhexedrine" }, { - "value": "Pseudoephedrine*****" + "value": "pseudoephedrine*****" }, { - "value": "Selegiline" + "value": "selegiline" }, { - "value": "Sibutramine" + "value": "sibutramine" }, { - "value": "Solriamfetol" + "value": "solriamfetol" }, { - "value": "Strychnine" + "value": "strychnine" }, { - "value": "Tenamfetamine (methylenedioxyamphet- amine)" + "value": "tenamfetamine", + "expanded": "tenamfetamine (methylenedioxyamphet- amine)" }, { - "value": "Tuaminoheptane" + "value": "tuaminoheptane" }, { - "value": "Clonidine" + "value": "clonidine" }, { - "value": "Imidazole derivatives for dermatological, nasal, ophthalmic or otic use (e.g. brimonidine, clonazoline, fenoxazoline, indanazoline, naphazoline, oxymetazoline, tetryzoline, xylometazoline) and those stimulants included in the 2023 Monitoring Program*" + "value": "imidazole derivatives", + "expanded": "imidazole derivatives for dermatological, nasal, ophthalmic or otic use (e.g. brimonidine, clonazoline, fenoxazoline, indanazoline, naphazoline, oxymetazoline, tetryzoline, xylometazoline) and those stimulants included in the 2023 monitoring program*" } ] }, { - "predicate": "NARCOTICS", + "predicate": "narcotics", "entry": [ { - "value": "Buprenorphine" + "value": "buprenorphine" }, { - "value": "Dextromoramide" + "value": "dextromoramide" }, { - "value": "Diamorphine (heroin)" + "value": "diamorphine", + "expanded": "diamorphine (heroin)" }, { - "value": "Fentanyl and its derivatives" + "value": "fentanyl", + "expanded": "fentanyl and its derivatives" }, { - "value": "Hydromorphone" + "value": "hydromorphone" }, { - "value": "Methadone" + "value": "methadone" }, { - "value": "Morphine" + "value": "morphine" }, { - "value": "Nicomorphine" + "value": "nicomorphine" }, { - "value": "Oxycodone" + "value": "oxycodone" }, { - "value": "Oxymorphone" + "value": "oxymorphone" }, { - "value": "Pentazocine" + "value": "pentazocine" }, { - "value": "Pethidine" + "value": "pethidine" } ] }, { - "predicate": "CANNABINOIDS", + "predicate": "cannabinoids", "entry": [ { - "value": "In cannabis (hashish, marijuana) and cannabis products" + "value": "in cannabis", + "expanded": "in cannabis (hashish, marijuana) and cannabis products" }, { - "value": "Synthetic cannabinoids that mimic the effects of THC" + "value": "synthetic cannabinoids that mimic the effects of thc" }, { - "value": "Natural and synthetic tetrahydrocannabinols (THCs)" + "value": "natural and synthetic tetrahydrocannabinols", + "expanded": "natural and synthetic tetrahydrocannabinols (thcs)" }, { - "value": "Cannabidiol" + "value": "cannabidiol" } ] }, { - "predicate": "GLUCOCORTICOIDS", + "predicate": "glucocorticoids", "entry": [ { - "value": "Beclometasone" + "value": "beclometasone" }, { - "value": "Betamethasone" + "value": "betamethasone" }, { - "value": "Budesonide" + "value": "budesonide" }, { - "value": "Ciclesonide" + "value": "ciclesonide" }, { - "value": "Cortisone" + "value": "cortisone" }, { - "value": "Deflazacort" + "value": "deflazacort" }, { - "value": "Dexamethasone" + "value": "dexamethasone" }, { - "value": "Flucortolone" + "value": "flucortolone" }, { - "value": "Flunisolide" + "value": "flunisolide" }, { - "value": "Fluticasone" + "value": "fluticasone" }, { - "value": "Hydrocortisone" + "value": "hydrocortisone" }, { - "value": "Methylprednisolone" + "value": "methylprednisolone" }, { - "value": "Mometasone" + "value": "mometasone" }, { - "value": "Prednisolone" + "value": "prednisolone" }, { - "value": "Prednisone" + "value": "prednisone" }, { - "value": "Triamcinolone acetonide" + "value": "triamcinolone acetonide" } ] }, { - "predicate": "BETA-BLOCKERS", + "predicate": "beta-blockers", "entry": [ { - "value": "Archery (WA)*" + "value": "acebutolol" }, { - "value": "Automobile (FIA)" + "value": "alprenolol" }, { - "value": "Billiards (all disciplines) (WCBS)" + "value": "atenolol" }, { - "value": "Darts (WDF)" + "value": "betaxolol" }, { - "value": "Golf (IGF)" + "value": "bisoprolol" }, { - "value": "Mini-Golf (WMF)" + "value": "bunolol" }, { - "value": "Shooting (ISSF, IPC)*" + "value": "carteolol" }, { - "value": "Skiing/Snowboarding (FIS) in ski jumping, freestyle aerials/halfpipe and snowboard halfpipe/big air" + "value": "carvedilol" }, { - "value": "Underwater sports (CMAS)* in all subdisciplines of freediving, spearfishing and target shooting" + "value": "celiprolol" }, { - "value": "Acebutolol" + "value": "esmolol" }, { - "value": "Alprenolol" + "value": "labetalol" }, { - "value": "Atenolol" + "value": "metipranolol" }, { - "value": "Betaxolol" + "value": "metoprolol" }, { - "value": "Bisoprolol" + "value": "nadolol" }, { - "value": "Bunolol" + "value": "nebivolol" }, { - "value": "Carteolol" + "value": "oxprenolol" }, { - "value": "Carvedilol" + "value": "pindolol" }, { - "value": "Celiprolol" + "value": "propranolol" }, { - "value": "Esmolol" + "value": "sotalol" }, { - "value": "Labetalol" - }, - { - "value": "Metipranolol" - }, - { - "value": "Metoprolol" - }, - { - "value": "Nadolol" - }, - { - "value": "Nebivolol" - }, - { - "value": "Oxprenolol" - }, - { - "value": "Pindolol" - }, - { - "value": "Propranolol" - }, - { - "value": "Sotalol" - }, - { - "value": "Timolol" + "value": "timolol" } ] } ] -} \ No newline at end of file +} From 65e8a70bb9e8e7cdf551da8db59676dad699af1a Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 18 Oct 2023 17:03:46 +0200 Subject: [PATCH 14/20] chg: Updated manifest with the new taxonomy description --- MANIFEST.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MANIFEST.json b/MANIFEST.json index c9dc7ce..17969bc 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -742,6 +742,11 @@ "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.", "name": "workflow", "version": 11 + }, + { + "description": "This taxonomy aims to list doping substances", + "name": "doping-substances", + "version": 2 } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", From e8892b6cf91551d93acf94ce52a36a7112e756cc Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 19 Oct 2023 09:51:45 +0200 Subject: [PATCH 15/20] chg: [adoc] exclude `doping-substances` from adoc generation --- tools/machinetag.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/machinetag.py b/tools/machinetag.py index d26252f..66ed96c 100755 --- a/tools/machinetag.py +++ b/tools/machinetag.py @@ -32,7 +32,7 @@ import argparse import os import sys -skip_list = ['death-possibilities', 'poison-taxonomy'] +skip_list = ['death-possibilities', 'poison-taxonomy', 'doping-substances'] taxonomies = [] # Get our current directory from file location From 9f481f4aee1932c4365b61cdee31f5419147edd4 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 15 Nov 2023 14:09:51 +0100 Subject: [PATCH 16/20] new: [srbcert] New taxonomy for the SRB-CERT --- MANIFEST.json | 31 ++++--- srbcert/machinetag.json | 191 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 209 insertions(+), 13 deletions(-) create mode 100644 srbcert/machinetag.json diff --git a/MANIFEST.json b/MANIFEST.json index 17969bc..35dd6c7 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -89,9 +89,9 @@ "version": 2 }, { - "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection", + "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection.", "name": "circl", - "version": 5 + "version": 6 }, { "description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital del Perú.", @@ -124,7 +124,7 @@ "version": 2 }, { - "description": "The Crowdsec behaviors and classifications taxonomy is the list of taxonomies used in Crowdsec to describe the behaviors and classifications of an IP address. The behaviors are a list of attack categories for which a given IP address was reported, where the classifications describe a list of categories associated to an IP address and, when applicable, a list of false positive categories.", + "description": "Crowdsec IP address classifications and behaviors taxonomy.", "name": "crowdsec", "version": 1 }, @@ -238,6 +238,11 @@ "name": "domain-abuse", "version": 2 }, + { + "description": "This taxonomy aims to list doping substances", + "name": "doping-substances", + "version": 2 + }, { "description": "A taxonomy based on the superclass and class of drugs. Based on https://www.drugbank.ca/releases/latest", "name": "drugs", @@ -511,7 +516,7 @@ { "description": "MISP workflow taxonomy to support result of workflow execution.", "name": "misp-workflow", - "version": 2 + "version": 3 }, { "description": "MONARC Threats Taxonomy", @@ -626,7 +631,7 @@ { "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", "name": "runtime-packer", - "version": 1 + "version": 2 }, { "description": "Flags describing the sample", @@ -658,6 +663,11 @@ "name": "social-engineering-attack-vectors", "version": 1 }, + { + "description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection", + "name": "srbcert", + "version": 1 + }, { "description": "A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.", "name": "state-responsibility", @@ -696,7 +706,7 @@ { "description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.", "name": "tlp", - "version": 7 + "version": 9 }, { "description": "Taxonomy to describe Tor network infrastructure", @@ -741,14 +751,9 @@ { "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.", "name": "workflow", - "version": 11 - }, - { - "description": "This taxonomy aims to list doping substances", - "name": "doping-substances", - "version": 2 + "version": 12 } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", - "version": "20230514" + "version": "20231115" } diff --git a/srbcert/machinetag.json b/srbcert/machinetag.json new file mode 100644 index 0000000..a9904f8 --- /dev/null +++ b/srbcert/machinetag.json @@ -0,0 +1,191 @@ +{ + "namespace": "srbcert", + "description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection", + "version": 1, + "predicates": [ + { + "value": "incident-type", + "expanded": "Incident Type" + }, + { + "value": "incident-criticality-level", + "expanded": "Incident Criticality Level" + } + ], + "values": [ + { + "predicate": "incident-type", + "entry": [ + { + "value": "virus", + "expanded": "Virus" + }, + { + "value": "worm", + "expanded": "Worm" + }, + { + "value": "ransomware", + "expanded": "Ransomware" + }, + { + "value": "trojan", + "expanded": "Trojan" + }, + { + "value": "spyware", + "expanded": "Spyware" + }, + { + "value": "rootkit", + "expanded": "Rootkit" + }, + { + "value": "malware", + "expanded": "Malware" + }, + { + "value": "port-scanning", + "expanded": "Port scanning" + }, + { + "value": "sniffing", + "expanded": "Sniffing" + }, + { + "value": "social-engineering", + "expanded": "Social engineering" + }, + { + "value": "data-breaches", + "expanded": "Data breaches" + }, + { + "value": "other-type-of-information-gathering", + "expanded": "Other type of information gathering" + }, + { + "value": "phishing", + "expanded": "Phishing" + }, + { + "value": "unauthorized-use-of-resources", + "expanded": "Unauthorized use of resources" + }, + { + "value": "fraud", + "expanded": "Fraud" + }, + { + "value": "exploiting-known-vulnerabilities", + "expanded": "Exploiting known vulnerabilities" + }, + { + "value": "brute-force", + "expanded": "Brute force" + }, + { + "value": "other-type-of-intrusion-attempts", + "expanded": "Other type of Intrusion Attempts" + }, + { + "value": "privilege-account-compromise", + "expanded": "Privilege account compromise" + }, + { + "value": "unprivileged-account-compromise", + "expanded": "Unprivileged account compromise" + }, + { + "value": "application-compromise", + "expanded": "Application compromise" + }, + { + "value": "botnet", + "expanded": "Botnet" + }, + { + "value": "other-type-of-intrusions", + "expanded": "Other type of intrusions" + }, + { + "value": "dos", + "expanded": "DoS" + }, + { + "value": "ddos", + "expanded": "DDoS" + }, + { + "value": "sabotage", + "expanded": "Sabotage" + }, + { + "value": "outage", + "expanded": "Outage" + }, + { + "value": "other-type-of-availability-incident", + "expanded": "Other type of Availability incident" + }, + { + "value": "unauthorized-access-to-information", + "expanded": "Unauthorized access to information" + }, + { + "value": "unauthorized-modification-of-information", + "expanded": "Unauthorized modification of information" + }, + { + "value": "cryptographic-attack", + "expanded": "Cryptographic attack" + }, + { + "value": "other-type-of-information-content-security-incident", + "expanded": "Other type of Information Content Security incident" + }, + { + "value": "hardware-errors", + "expanded": "Hardware errors" + }, + { + "value": "software-errors", + "expanded": "Software errors" + }, + { + "value": "software-errors", + "expanded": "Software errors" + }, + { + "value": "hardware-components-theft", + "expanded": "hardware-components-theft" + }, + { + "value": "other", + "expanded": "Other" + } + ] + }, + { + "predicate": "incident-criticality-level", + "entry": [ + { + "value": "low", + "expanded": "Low" + }, + { + "value": "medium", + "expanded": "Medium" + }, + { + "value": "high", + "expanded": "High" + }, + { + "value": "very-high", + "expanded": "Very High" + } + ] + } + ] +} From d4b54e3f63c9181d70474cc4b34da801104472e6 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 15 Nov 2023 14:30:05 +0100 Subject: [PATCH 17/20] fix: [srbcert] various fixes - Duplicates removed - Numerical value added --- srbcert/machinetag.json | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/srbcert/machinetag.json b/srbcert/machinetag.json index a9904f8..f0ccbb1 100644 --- a/srbcert/machinetag.json +++ b/srbcert/machinetag.json @@ -1,7 +1,7 @@ { "namespace": "srbcert", "description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection", - "version": 1, + "version": 3, "predicates": [ { "value": "incident-type", @@ -18,11 +18,13 @@ "entry": [ { "value": "virus", - "expanded": "Virus" + "expanded": "virus", + "description": "Virus is a piece of malicious code that aims to spread from computer to computer by attacking executable files and documents and can cause deliberate deletion of files from the hard drive and similar damage" }, { "value": "worm", - "expanded": "Worm" + "expanded": "worm", + "description": "Worm is a program that contains malicious code that spreads over a network, in such a way that it can reproduce and transfer , which reproduces and transfers independently, i.e. it does not depend on the files of the infected person device. Worms spread to email addresses from the victim's contact list or exploit the vulnerabilities of network applications and, due to the high speed of propagation, serve for transmission of other types of malicious software " }, { "value": "ransomware", @@ -42,7 +44,7 @@ }, { "value": "malware", - "expanded": "Malware" + "expanded": "Malware is a word derived from two words - Malicious Software, and represents any software that is written for malicious purposes, i.e. that aims to cause harm computer systems or networks" }, { "value": "port-scanning", @@ -152,10 +154,6 @@ "value": "software-errors", "expanded": "Software errors" }, - { - "value": "software-errors", - "expanded": "Software errors" - }, { "value": "hardware-components-theft", "expanded": "hardware-components-theft" @@ -171,19 +169,23 @@ "entry": [ { "value": "low", - "expanded": "Low" + "expanded": "Low", + "numerical_value": 25 }, { "value": "medium", - "expanded": "Medium" + "expanded": "Medium", + "numerical_value": 50 }, { "value": "high", - "expanded": "High" + "expanded": "High", + "numerical_value": 75 }, { "value": "very-high", - "expanded": "Very High" + "expanded": "Very High", + "numerical_value": 100 } ] } From 873fc6209fd247920635824c755023ab6787ae62 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 22 Nov 2023 11:28:15 +0100 Subject: [PATCH 18/20] fix: [PAP] following pull-request from @vba-anssi #261 PAP aligned with TLP version 2 --- PAP/machinetag.json | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/PAP/machinetag.json b/PAP/machinetag.json index c6be37e..8bf3381 100644 --- a/PAP/machinetag.json +++ b/PAP/machinetag.json @@ -2,23 +2,28 @@ "namespace": "PAP", "expanded": "Permissible Actions Protocol", "description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.", - "version": 2, + "version": 3, "exclusive": true, "predicates": [ { "value": "RED", "expanded": "(PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.", - "colour": "#ff0000" + "colour": "#ff2b2b" }, { "value": "AMBER", "expanded": "(PAP:AMBER) Passive cross check. Recipients may use PAP:AMBER information for conducting online checks, like using services provided by third parties (e.g. VirusTotal), or set up a monitoring honeypot.", - "colour": "#ffa800" + "colour": "#ffc000" }, { "value": "GREEN", "expanded": "(PAP:GREEN) Active actions allowed. Recipients may use PAP:GREEN information to ping the target, block incoming/outgoing traffic from/to the target or specifically configure honeypots to interact with the target.", - "colour": "#00ad1c" + "colour": "#33ff00" + }, + { + "value": "CLEAR", + "expanded": "(PAP:CLEAR) No restrictions in using this information.", + "colour": "#ffffff" }, { "value": "WHITE", From 6efa8c30757930109fbc96d6f582532882d15bc9 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 22 Nov 2023 11:32:14 +0100 Subject: [PATCH 19/20] fix: [tlp] updated TLP:AMBER+strict description based on #261 by @vba-anssi --- tlp/machinetag.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tlp/machinetag.json b/tlp/machinetag.json index b80e9b1..0861232 100755 --- a/tlp/machinetag.json +++ b/tlp/machinetag.json @@ -15,7 +15,7 @@ { "colour": "#FFC000", "description": "Limited disclosure, recipients can only spread this on a need-to-know basis within their organization. Sources may use TLP:AMBER+STRICT when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:AMBER+STRICT information with members of their own organization.", - "expanded": "Limited disclosure, recipients can only spread this on a need-to-know basis within their organization.", + "expanded": "(TLP:AMBER+STRICT) Limited disclosure, recipients can only spread this on a need-to-know basis within their organization.", "value": "amber+strict" }, { @@ -50,7 +50,7 @@ "refs": [ "https://www.first.org/tlp" ], - "version": 9, + "version": 10, "description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.", "expanded": "Traffic Light Protocol", "exclusive": true, From 8d957d224ef339303d001167900ee38ce586d22d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 22 Nov 2023 11:38:45 +0100 Subject: [PATCH 20/20] chg: [MANIFEST] updated --- MANIFEST.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/MANIFEST.json b/MANIFEST.json index 35dd6c7..754ef76 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -26,7 +26,7 @@ { "description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.", "name": "PAP", - "version": 2 + "version": 3 }, { "description": "The access method used to remotely access a system.", @@ -666,7 +666,7 @@ { "description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection", "name": "srbcert", - "version": 1 + "version": 3 }, { "description": "A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.", @@ -706,7 +706,7 @@ { "description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.", "name": "tlp", - "version": 9 + "version": 10 }, { "description": "Taxonomy to describe Tor network infrastructure", @@ -755,5 +755,5 @@ } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", - "version": "20231115" + "version": "20231122" }