MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'paulingega-sa-main' into main

pull/206/head
Alexandre Dulaunoy 2020-08-20 13:46:21 +02:00
parent a6ce68a4bf eb18a1309c
commit b2bd9f7e99
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
9 changed files with 591 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
MANIFEST.json
View File

@ -409,9 +409,9 @@
"version": 2
},
{
"description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical 'News' Sources by Melissa Zimdars 2019",
"description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019",
"name": "misinformation-website-label",
"version": "1"
"version": 1
},
{
"description": "MISP taxonomy to infer with MISP behavior or operation.",
@ -543,6 +543,26 @@
"name": "targeted-threat-index",
"version": 3
},
{
"description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"name": "ThreatMatch",
"version": 1
},
{
"description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"name": "ThreatMatch",
"version": 1
},
{
"description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"name": "ThreatMatch",
"version": 1
},
{
"description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"name": "ThreatMatch",
"version": 1
},
{
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614",
"name": "threats-to-dns",
@ -590,5 +610,5 @@
}
],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
"version": "20200612"
"version": "20200820"
}

3
threatmatch-alert-types/README.md Normal file
View File

@ -0,0 +1,3 @@
## Alert types
Alert tags are used by the ThreatMatch platform to categorise a relevant threat.
Tags should be used for all CIISI and TIBER projects.

99
threatmatch-alert-types/machinetag.json Normal file
View File

@ -0,0 +1,99 @@
{
"namespace": "ThreatMatch",
"expanded": "Alert Types for Sharing into ThreatMatch and MISP.",
"version": 1,
"description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"refs": [
"https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
],
"predicates": [
{
"value": "alert_type",
"expanded": "Alert type"
}
],
"values": [
{
"predicate": "alert_type",
"entry": [
{
"value": "Actor Campaigns",
"expanded": "Actor Campaigns"
},
{
"value": "Credential Breaches",
"expanded": "Credential Breaches"
},
{
"value": "DDoS",
"expanded": "DDoS"
},
{
"value": "Exploit Alert",
"expanded": "Exploit Alert"
},
{
"value": "General Notification",
"expanded": "General Notification"
},
{
"value": "High Impact Vulnerabilities",
"expanded": "High Impact Vulnerabilities"
},
{
"value": "Information Leakages",
"expanded": "Information Leakages"
},
{
"value": "Malware Analysis",
"expanded": "Malware Analysis"
},
{
"value": "Nefarious Domains",
"expanded": "Nefarious Domains"
},
{
"value": "Nefarious Forum Mention",
"expanded": "Nefarious Forum Mention"
},
{
"value": "Pastebin Dumps",
"expanded": "Pastebin Dumps"
},
{
"value": "Phishing Attempts",
"expanded": "Phishing Attempts"
},
{
"value": "PII Exposure",
"expanded": "PII Exposure"
},
{
"value": "Sensitive Information Disclosures",
"expanded": "Sensitive Information Disclosures"
},
{
"value": "Social Media Alerts",
"expanded": "Social Media Alerts"
},
{
"value": "Supply Chain Event",
"expanded": "Supply Chain Event"
},
{
"value": "Technical Exposure",
"expanded": "Technical Exposure"
},
{
"value": "Threat Actor Updates",
"expanded": "Threat Actor Updates"
},
{
"value": "Trigger Events",
"expanded": "Trigger Events"
}
]
}
]
}

3
threatmatch-incident-types/README.md Normal file
View File

@ -0,0 +1,3 @@
## Incident types
Incident tags are used by the ThreatMatch platform to categorise a relevant incident event.
Tags should be used for all CIISI and TIBER projects.

175
threatmatch-incident-types/machinetag.json Normal file
View File

@ -0,0 +1,175 @@
{
"namespace": "ThreatMatch",
"expanded": "Incident Types for Sharing into ThreatMatch and MISP",
"version": 1,
"description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"refs": [
"https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
],
"predicates": [
{
"value": "incident_type",
"expanded": "Threat Match incident types"
}
],
"values": [
{
"predicate": "incident_type",
"entry": [
{
"value": "ATM Attacks",
"expanded": "ATM Attacks"
},
{
"value": "ATM Breach",
"expanded": "ATM Breach"
},
{
"value": "Attempted Exploitation",
"expanded": "Attempted Exploitation"
},
{
"value": "Botnet Activity",
"expanded": "Botnet Activity"
},
{
"value": "Business Email Compromise",
"expanded": "Business Email Compromise"
},
{
"value": "Crypto Mining",
"expanded": "Crypto Mining"
},
{
"value": "Data Breach/Compromise",
"expanded": "Data Breach/Compromise"
},
{
"value": "Data Dump",
"expanded": "Data Dump"
},
{
"value": "Data Leakage",
"expanded": "Data Leakage"
},
{
"value": "DDoS",
"expanded": "DDoS"
},
{
"value": "Defacement Activity",
"expanded": "Defacement Activity"
},
{
"value": "Denial of Service (DoS)",
"expanded": "Denial of Service (DoS)"
},
{
"value": "Disruption Activity",
"expanded": "Disruption Activity"
},
{
"value": "Espionage",
"expanded": "Espionage"
},
{
"value": "Espionage Activity",
"expanded": "Espionage Activity"
},
{
"value": "Exec Targeting ",
"expanded": "Exec Targeting "
},
{
"value": "Exposure of Data",
"expanded": "Exposure of Data"
},
{
"value": "Extortion Activity",
"expanded": "Extortion Activity"
},
{
"value": "Fraud Activity",
"expanded": "Fraud Activity"
},
{
"value": "General Notification",
"expanded": "General Notification"
},
{
"value": "Hacktivism Activity",
"expanded": "Hacktivism Activity"
},
{
"value": "Malicious Insider",
"expanded": "Malicious Insider"
},
{
"value": "Malware Infection",
"expanded": "Malware Infection"
},
{
"value": "Man in the Middle Attacks",
"expanded": "Man in the Middle Attacks"
},
{
"value": "MFA Attack",
"expanded": "MFA Attack"
},
{
"value": "Mobile Malware",
"expanded": "Mobile Malware"
},
{
"value": "Phishing Activity",
"expanded": "Phishing Activity"
},
{
"value": "Ransomware Activity",
"expanded": "Ransomware Activity"
},
{
"value": "Social Engineering Activity",
"expanded": "Social Engineering Activity"
},
{
"value": "Social Media Compromise",
"expanded": "Social Media Compromise"
},
{
"value": "Spear-phishing Activity",
"expanded": "Spear-phishing Activity"
},
{
"value": "Spyware",
"expanded": "Spyware"
},
{
"value": "SQL Injection Activity",
"expanded": "SQL Injection Activity"
},
{
"value": "Supply Chain Compromise",
"expanded": "Supply Chain Compromise"
},
{
"value": "Trojanised Software",
"expanded": "Trojanised Software"
},
{
"value": "Vishing",
"expanded": "Vishing"
},
{
"value": "Website Attack (Other)",
"expanded": "Website Attack (Other)"
},
{
"value": "Unknown",
"expanded": "Unknown"
}
]
}
]
}

3
threatmatch-malware-types/README.md Normal file
View File

@ -0,0 +1,3 @@
## Malware types
Malware tags are used by the ThreatMatch platform to categorise malware types.
Tags should be used for all CIISI and TIBER projects.

115
threatmatch-malware-types/machinetag.json Normal file
View File

@ -0,0 +1,115 @@
{
"namespace": "ThreatMatch",
"expanded": "Malware Types for Sharing into ThreatMatch and MISP",
"version": 1,
"description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"refs": [
"https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
],
"predicates": [
{
"value": "malware_type",
"expanded": "Malware type"
}
],
"values": [
{
"predicate": "malware_type",
"entry": [
{
"value": "Adware",
"expanded": "Adware"
},
{
"value": "Backdoor",
"expanded": "Backdoor"
},
{
"value": "Banking Trojan",
"expanded": "Banking Trojan"
},
{
"value": "Botnet",
"expanded": "Botnet"
},
{
"value": "Destructive",
"expanded": "Destructive"
},
{
"value": "Downloader",
"expanded": "Downloader"
},
{
"value": "Exploit Kit",
"expanded": "Exploit Kit"
},
{
"value": "Fileless Malware",
"expanded": "Fileless Malware"
},
{
"value": "Keylogger",
"expanded": "Keylogger"
},
{
"value": "Legitimate Tool",
"expanded": "Legitimate Tool"
},
{
"value": "Mobile Application",
"expanded": "Mobile Application"
},
{
"value": "Mobile Malware",
"expanded": "Mobile Malware"
},
{
"value": "Point-of-Sale (PoS)",
"expanded": "Point-of-Sale (PoS)"
},
{
"value": "Remote Access Trojan",
"expanded": "Remote Access Trojan"
},
{
"value": "Rootkit",
"expanded": "Rootkit"
},
{
"value": "Skimmer",
"expanded": "Skimmer"
},
{
"value": "Spyware",
"expanded": "Spyware"
},
{
"value": "Surveillance Tool",
"expanded": "Surveillance Tool"
},
{
"value": "Trojan",
"expanded": "Trojan"
},
{
"value": "Virus",
"expanded": "Virus "
},
{
"value": "Worm",
"expanded": "Worm"
},
{
"value": "Zero-day",
"expanded": "Zero-day"
},
{
"value": "Unknown",
"expanded": "Unknown"
}
]
}
]
}

3
threatmatch-sectors/README.md Normal file
View File

@ -0,0 +1,3 @@
## Sector types
Extensive list of sector definition tags.
Tags should be used for all CIISI and TIBER projects.

167
threatmatch-sectors/machinetag.json Normal file
View File

@ -0,0 +1,167 @@
{
"namespace": "ThreatMatch",
"expanded": "Sector Types for Sharing into ThreatMatch and MISP",
"version": 1,
"description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
"refs": [
"https://www.secalliance.com/platform/",
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
],
"predicates": [
{
"value": "sector",
"expanded": "Threat Match sector definitions"
}
],
"values": [
{
"predicate": "sector",
"entry": [
{
"value": "Banking & Capital Markets",
"expanded": "Banking & capital markets"
},
{
"value": "Financial Services",
"expanded": "Financial Services"
},
{
"value": "Insurance",
"expanded": "Insurance"
},
{
"value": "Pension",
"expanded": "Pension"
},
{
"value": "Government & Public Service",
"expanded": "Government & Public Service"
},
{
"value": "Diplomatic Services",
"expanded": "Diplomatic Services"
},
{
"value": "Energy, Utilities & Mining",
"expanded": "Energy, Utilities & Mining"
},
{
"value": "Telecommunications",
"expanded": "Telecommunications"
},
{
"value": "Technology",
"expanded": "Technology"
},
{
"value": "Academic/Research Institutes",
"expanded": "Academic/Research Institutes"
},
{
"value": "Aerospace, Defence & Security",
"expanded": "Aerospace, Defence & Security"
},
{
"value": "Agriculture",
"expanded": "Agriculture"
},
{
"value": "Asset & Wealth Management",
"expanded": "Asset & Wealth Management"
},
{
"value": "Automotive",
"expanded": "Automotive"
},
{
"value": "Business and Professional Services",
"expanded": "Business and Professional Services"
},
{
"value": "Capital Projects & Infrastructure",
"expanded": "Capital Projects & Infrastructure"
},
{
"value": "Charity/Not-for-Profit",
"expanded": "Charity/Not-for-Profit"
},
{
"value": "Chemicals",
"expanded": "Chemicals"
},
{
"value": "Commercial Aviation",
"expanded": "Commercial Aviation"
},
{
"value": "Commodities",
"expanded": "Commodities"
},
{
"value": "Education",
"expanded": "Education"
},
{
"value": "Engineering & Construction",
"expanded": "Engineering & Construction"
},
{
"value": "Entertainment & Media",
"expanded": "Entertainment & Media"
},
{
"value": "Forest, Paper & Packaging",
"expanded": "Forest, Paper & Packaging"
},
{
"value": "Healthcare",
"expanded": "Healthcare"
},
{
"value": "Hospitality & Leisure",
"expanded": "Hospitality & Leisure"
},
{
"value": "Industrial Manufacturing",
"expanded": "Industrial Manufacturing"
},
{
"value": "IT Industry",
"expanded": "IT Industry"
},
{
"value": "Legal",
"expanded": "Legal"
},
{
"value": "Metals",
"expanded": "Metals"
},
{
"value": "Pharmaceuticals & Life Sciences",
"expanded": "Pharmaceuticals & Life Sciences"
},
{
"value": "Private Equity",
"expanded": "Private Equity"
},
{
"value": "Retail & Consumer",
"expanded": "Retail & Consumer"
},
{
"value": "Semiconductors",
"expanded": "Semiconductors"
},
{
"value": "Sovereign Investment Funds",
"expanded": "Sovereign Investment Funds"
},
{
"value": "Transport & Logistics",
"expanded": "Transport & Logistics"
}
]
}
]
}