MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #143 from michael-hamm/master 

RSIT taxonomie added
pull/144/head
Alexandre Dulaunoy 2019-05-14 14:14:46 +02:00 committed by GitHub
parent 3d2b8b1fcf edaaaa5ccc
commit a1818f5bff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
mapping/mapping.json
View File

@ -1,6 +1,12 @@
{
"DDoS": {
"values": [
"rsit:availability=\"dos\"",
"rsit:availability=\"ddos\"",
"rsit:availability=\"misconfiguration\"",
"rsit:availability=\"sabotage\"",
"rsit:availability=\"outage\"",
"rsit:vulnerable=\"ddos-amplifier\"",
"ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"",
"ms-caro-malware:malware-type=\"DDoS\"",
@ -26,6 +32,13 @@
},
"exploit": {
"values": [
"rsit:intrusion-attempts=\"ids-alert\"",
"rsit:intrusion-attempts=\"exploit\"",
"rsit:intrusions=\"application-compromise\"",
"rsit:intrusions=\"burglary\"",
"rsit:vulnerable=\"weak-crypto\"",
"rsit:vulnerable=\"information-disclosure\"",
"rsit:vulnerable=\"vulnerable-system\"",
"veris:action:malware:variety=\"Exploit vuln\"",
"ecsirt:intrusion-attempts=\"exploit\"",
"europol-event:exploit",
@ -35,12 +48,19 @@
},
"malware": {
"values": [
"rsit:malicious-code=\"infected-system\"",
"rsit:malicious-code=\"malware-distribution\"",
"rsit:malicious-code=\"malware-configuration\"",
"ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\""
]
},
"Remote Access Tool": {
"values": [
"rsit:information-content-security=\"unauthorised-information-access\"",
"rsit:information-content-security=\"unauthorised-information-modification\"",
"rsit:information-content-security=\"data-loss\"",
"rsit:vulnerable=\"potentially-unwanted-accessible\"",
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
"ms-caro-malware:malware-type=\"RemoteAccess\""
]
@ -57,6 +77,7 @@
},
"spam": {
"values": [
"rsit:abusive-content=\"spam\"",
"circl:incident-classification=\"spam\"",
"ecsirt:abusive-content=\"spam\"",
"enisa:nefarious-activity-abuse=\"spam\"",
@ -68,6 +89,7 @@
},
"scan": {
"values": [
"rsit:information-gathering=\"scanner\"",
"circl:incident-classification=\"scan\"",
"ecsirt:information-gathering=\"scanner\"",
"europol-incident:information-gathering=\"scanning\""
@ -75,6 +97,7 @@
},
"scan network": {
"values": [
"rsit:information-gathering=\"sniffing\"",
"veris:action:malware:variety=\"Scan network\"",
"europol-event:network-scanning"
]
@ -87,6 +110,8 @@
},
"phishing": {
"values": [
"rsit:fraud=\"phishing\"",
"rsit:information-gathering=\"social-engineering\"",
"circl:incident-classification=\"phishing\"",
"ecsirt:fraud=\"phishing\"",
"veris:action:social:variety=\"Phishing\"",
@ -96,6 +121,7 @@
},
"brute force": {
"values": [
"rsit:intrusion-attempts=\"brute-force\"",
"ecsirt:intrusion-attempts=\"brute-force\"",
"veris:action:malware:variety=\"Brute force\"",
"europol-event:brute-force-attempt",
@ -104,6 +130,8 @@
},
"backdoor": {
"values": [
"rsit:intrusions=\"privileged-account-compromise\"",
"rsit:intrusions=\"unprivileged-account-compromise\"",
"ecsirt:intrusions=\"backdoor\"",
"veris:action:malware:variety=\"Backdoor\"",
"ms-caro-malware:malware-type=\"Backdoor\""
@ -111,6 +139,7 @@
},
"c&c": {
"values": [
"rsit:malicious-code=\"c2-server\"",
"ecsirt:malicious-code=\"c&c\"",
"europol-incident:malware=\"c&c\"",
"europol-event:c&c-server-hosting",
@ -127,6 +156,7 @@
},
"Adware": {
"values": [
"rsit:fraud=\"unauthorized-use-of-resources\"",
"veris:action:malware:variety=\"Adware\"",
"malware_classification:malware-category=\"Adware\"",
"ms-caro-malware:malware-type=\"Adware\""
@ -168,6 +198,24 @@
"ecsirt:malicious-code=\"worm\""
]
},
"Content": {
"values": [
"rsit:abusive-content=\"harmful-speech\"",
"rsit:abusive-content=\"violence\"",
"rsit:fraud=\"copyright\"",
"rsit:fraud=\"masquerade\""
]
},
"other": {
"values": [
"rsit:other=\"other\""
]
},
"test": {
"values": [
"rsit:test=\"test\""
]
},
"tlp-white": {
"values": [
"tlp:white",