Merge pull request #220 from matthijsvp/unified-kill-chain

Initial commit of Unified Kill Chain.
2021-12-23 16:14:30 +01:00 · 2021-12-23 16:14:30 +01:00 · a266d7ea20
parent 4e542ead41 d98fc3d1b1
commit a266d7ea20
2 changed files with 118 additions and 0 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -647,6 +647,11 @@
      "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
      "name": "workflow",
      "version": 10
+    },
+    {
+      "description": "The Unified Kill Chain is a refinement to the Kill Chain.",
+      "name": "unified-kill-chain",
+      "version": 1
    }
  ],
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
--- a/unified-kill-chain/machinetag.json
+++ b/unified-kill-chain/machinetag.json
@ -0,0 +1,113 @@
+{
+  "namespace": "unified-kill-chain",
+  "expanded": "Unified Kill Chain",
+  "description": "The Unified Kill Chain is a refinement to the Kill Chain.",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "Initial Foothold",
+      "expanded": "Initial Foothold"
+    },
+    {
+      "value": "Network Propagation",
+      "expanded": "Network Propagation"
+    },
+    {
+      "value": "Action on Objectives",
+      "expanded": "Action on Objectives"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "Initial Foothold",
+      "entry": [
+        {
+          "expanded": "Reconnaissance",
+          "value": "reconnaissance"
+        },
+        {
+          "expanded": "Weaponization",
+          "value": "weaponization"
+        },
+        {
+          "expanded": "Delivery",
+          "value": "delivery"
+        },
+        {
+          "expanded": "Social Engineering",
+          "value": "social-engineering"
+        },
+        {
+          "expanded": "Exploitation",
+          "value": "exploitation"
+        },
+        {
+          "expanded": "Persistence",
+          "value": "persistence"
+        },
+        {
+          "expanded": "Defense Evasion",
+          "value": "defense-evasion"
+        },
+        {
+          "expanded": "Command & Control",
+          "value": "command-control"
+        }
+      ]
+    },
+    {
+      "predicate": "Network Propagation",
+      "entry": [
+        {
+          "expanded": "Pivoting",
+          "value": "pivoting"
+        },
+        {
+          "expanded": "Discovery",
+          "value": "discovery"
+        },
+        {
+          "expanded": "Privilege Escalation",
+          "value": "privilege-escalation"
+        },
+        {
+          "expanded": "Execution",
+          "value": "execution"
+        },
+        {
+          "expanded": "Credential Access",
+          "value": "credential-access"
+        },
+        {
+          "expanded": "Lateral Movement",
+          "value": "lateral-movement"
+        }
+      ]
+    },
+    {
+      "predicate": "Action on Objectives",
+      "entry": [
+        {
+          "expanded": "Access",
+          "value": "access"
+        },
+        {
+          "expanded": "Collection",
+          "value": "collection"
+        },
+        {
+          "expanded": "Exfiltration",
+          "value": "exfiltration"
+        },
+        {
+          "expanded": "Impact",
+          "value": "impact"
+        },
+        {
+          "expanded": "Objectives",
+          "value": "objectives"
+        }
+      ]
+    }
+  ]
+}