From edaaaa5ccc6bc998a31284c89527e1c456b30d45 Mon Sep 17 00:00:00 2001
From: Michael Hamm
Date: Tue, 14 May 2019 13:32:40 +0200
Subject: [PATCH] RSIT taxonomie added
---
 mapping/mapping.json | 48 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/mapping/mapping.json b/mapping/mapping.json
index b589879..4d4b435 100644
--- a/mapping/mapping.json
+++ b/mapping/mapping.json
@@ -1,6 +1,12 @@
 {
 "DDoS": {
 "values": [
+ "rsit:availability=\"dos\"",
+ "rsit:availability=\"ddos\"",
+ "rsit:availability=\"misconfiguration\"",
+ "rsit:availability=\"sabotage\"",
+ "rsit:availability=\"outage\"",
+ "rsit:vulnerable=\"ddos-amplifier\"",
 "ecsirt:availability=\"ddos\"",
 "europol-incident:availability=\"dos-ddos\"",
 "ms-caro-malware:malware-type=\"DDoS\"",
@@ -26,6 +32,13 @@
 },
 "exploit": {
 "values": [
+ "rsit:intrusion-attempts=\"ids-alert\"",
+ "rsit:intrusion-attempts=\"exploit\"",
+ "rsit:intrusions=\"application-compromise\"",
+ "rsit:intrusions=\"burglary\"",
+ "rsit:vulnerable=\"weak-crypto\"",
+ "rsit:vulnerable=\"information-disclosure\"",
+ "rsit:vulnerable=\"vulnerable-system\"",
 "veris:action:malware:variety=\"Exploit vuln\"",
 "ecsirt:intrusion-attempts=\"exploit\"",
 "europol-event:exploit",
@@ -35,12 +48,19 @@
 },
 "malware": {
 "values": [
+ "rsit:malicious-code=\"infected-system\"",
+ "rsit:malicious-code=\"malware-distribution\"",
+ "rsit:malicious-code=\"malware-configuration\"",
 "ecsirt:malicious-code=\"malware\"",
 "circl:incident-classification=\"malware\""
 ]
 },
 "Remote Access Tool": {
 "values": [
+ "rsit:information-content-security=\"unauthorised-information-access\"",
+ "rsit:information-content-security=\"unauthorised-information-modification\"",
+ "rsit:information-content-security=\"data-loss\"",
+ "rsit:vulnerable=\"potentially-unwanted-accessible\"",
 "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
 "ms-caro-malware:malware-type=\"RemoteAccess\""
 ]
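Review bot: Several of the added RSIT tags describe something other than the bucket they are filed under, so anything that aggregates events by these keys will over-count that category. In the `"DDoS"` hunk, `rsit:availability=\"misconfiguration\"`, `rsit:availability=\"sabotage\"` and `rsit:availability=\"outage\"` are availability incidents that involve no denial-of-service attack. The same applies in the later hunks to `rsit:intrusion-attempts=\"ids-alert\"`, `rsit:intrusions=\"burglary\"` and the three `rsit:vulnerable=...` states under `"exploit"`, all four additions under `"Remote Access Tool"`, `rsit:information-gathering=\"sniffing\"` under `"scan network"`, the two account-compromise values under `"backdoor"`, and `rsit:fraud=\"unauthorized-use-of-resources\"` under `"Adware"`. I would keep only the direct equivalents in each list (here `rsit:availability=\"dos\"` and `rsit:availability=\"ddos\"`) and leave the broader values unmapped or give them keys of their own. How the keys are consumed is not visible in this patch, so the impact should be confirmed against the reader of mapping.json.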
@@ -57,6 +77,7 @@
 },
 "spam": {
 "values": [
+ "rsit:abusive-content=\"spam\"",
 "circl:incident-classification=\"spam\"",
 "ecsirt:abusive-content=\"spam\"",
 "enisa:nefarious-activity-abuse=\"spam\"",
@@ -68,6 +89,7 @@
 },
 "scan": {
 "values": [
+ "rsit:information-gathering=\"scanner\"",
 "circl:incident-classification=\"scan\"",
 "ecsirt:information-gathering=\"scanner\"",
 "europol-incident:information-gathering=\"scanning\""
@@ -75,6 +97,7 @@
 },
 "scan network": {
 "values": [
+ "rsit:information-gathering=\"sniffing\"",
 "veris:action:malware:variety=\"Scan network\"",
 "europol-event:network-scanning"
 ]
@@ -87,6 +110,8 @@
 },
 "phishing": {
 "values": [
+ "rsit:fraud=\"phishing\"",
+ "rsit:information-gathering=\"social-engineering\"",
 "circl:incident-classification=\"phishing\"",
 "ecsirt:fraud=\"phishing\"",
 "veris:action:social:variety=\"Phishing\"",
@@ -96,6 +121,7 @@
 },
 "brute force": {
 "values": [
+ "rsit:intrusion-attempts=\"brute-force\"",
 "ecsirt:intrusion-attempts=\"brute-force\"",
 "veris:action:malware:variety=\"Brute force\"",
 "europol-event:brute-force-attempt",
@@ -104,6 +130,8 @@
 },
 "backdoor": {
 "values": [
+ "rsit:intrusions=\"privileged-account-compromise\"",
+ "rsit:intrusions=\"unprivileged-account-compromise\"",
 "ecsirt:intrusions=\"backdoor\"",
 "veris:action:malware:variety=\"Backdoor\"",
 "ms-caro-malware:malware-type=\"Backdoor\""
@@ -111,6 +139,7 @@
 },
 "c&c": {
 "values": [
+ "rsit:malicious-code=\"c2-server\"",
 "ecsirt:malicious-code=\"c&c\"",
 "europol-incident:malware=\"c&c\"",
 "europol-event:c&c-server-hosting",
@@ -127,6 +156,7 @@
 },
 "Adware": {
 "values": [
+ "rsit:fraud=\"unauthorized-use-of-resources\"",
 "veris:action:malware:variety=\"Adware\"",
 "malware_classification:malware-category=\"Adware\"",
 "ms-caro-malware:malware-type=\"Adware\""
@@ -168,6 +198,24 @@
 "ecsirt:malicious-code=\"worm\""
 ]
 },
+ "Content": {
+ "values": [
+ "rsit:abusive-content=\"harmful-speech\"",
+ "rsit:abusive-content=\"violence\"",
+ "rsit:fraud=\"copyright\"",
+ "rsit:fraud=\"masquerade\""
+ ]
+ },
+ "other": {
+ "values": [
+ "rsit:other=\"other\""
+ ]
+ },
+ "test": {
+ "values": [
+ "rsit:test=\"test\""
+ ]
+ },
 "tlp-white": {
 "values": [
 "tlp:white",
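Review bot: The new `"Content"` key groups two unrelated RSIT classes: `rsit:fraud=\"copyright\"` and `rsit:fraud=\"masquerade\"` sit next to the two `rsit:abusive-content` values, while `rsit:fraud=\"phishing\"` was filed under `"phishing"` in an earlier hunk, so the key name does not say what it counts. I would name the key after what it holds, e.g. `"abusive content": {`, and move the two fraud values to a key of their own. Separately, the `"test"` entry with `rsit:test=\"test\"` puts test events in the same map as real incident categories, so whatever aggregates by key should skip it. That consumer is not visible in this patch, so this is worth confirming before merge.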