From 4991db0bbdfba35358ebe8faa2f31141e602ca67 Mon Sep 17 00:00:00 2001
From: paulingega-sa
Date: Thu, 20 Aug 2020 11:43:05 +0100
Subject: [PATCH 1/4] adding ThreatMatch taxonomies
---
 threatmatch-alert-types/README.md | 0
 threatmatch-alert-types/machinetag.json | 0
 threatmatch-incident-types/README.md | 0
 threatmatch-incident-types/machinetag.json | 0
 threatmatch-malware-types/README.md | 0
 threatmatch-malware-types/machinetag.json | 0
 threatmatch-sectors/README.md | 0
 threatmatch-sectors/machinetag.json | 0
 8 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 threatmatch-alert-types/README.md
 create mode 100644 threatmatch-alert-types/machinetag.json
 create mode 100644 threatmatch-incident-types/README.md
 create mode 100644 threatmatch-incident-types/machinetag.json
 create mode 100644 threatmatch-malware-types/README.md
 create mode 100644 threatmatch-malware-types/machinetag.json
 create mode 100644 threatmatch-sectors/README.md
 create mode 100644 threatmatch-sectors/machinetag.json
diff --git a/threatmatch-alert-types/README.md b/threatmatch-alert-types/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-alert-types/machinetag.json b/threatmatch-alert-types/machinetag.json
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-incident-types/README.md b/threatmatch-incident-types/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-incident-types/machinetag.json b/threatmatch-incident-types/machinetag.json
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-malware-types/README.md b/threatmatch-malware-types/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-malware-types/machinetag.json b/threatmatch-malware-types/machinetag.json
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-sectors/README.md b/threatmatch-sectors/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/threatmatch-sectors/machinetag.json b/threatmatch-sectors/machinetag.json
new file mode 100644
index 0000000..e69de29
From 5a3e3c1c11bf10bc40d8ba98a9e80ffaa71ad46c Mon Sep 17 00:00:00 2001
From: paulingega-sa
Date: Thu, 20 Aug 2020 11:46:07 +0100
Subject: [PATCH 2/4] adding ThreatMatch taxonomies
---
 threatmatch-alert-types/README.md | 3 +
 threatmatch-alert-types/machinetag.json | 99 ++++++++++++
 threatmatch-incident-types/README.md | 3 +
 threatmatch-incident-types/machinetag.json | 175 +++++++++++++++++++++
 threatmatch-malware-types/README.md | 3 +
 threatmatch-malware-types/machinetag.json | 116 ++++++++++++++
 threatmatch-sectors/README.md | 3 +
 threatmatch-sectors/machinetag.json | 167 ++++++++++++++++++++
 8 files changed, 569 insertions(+)
diff --git a/threatmatch-alert-types/README.md b/threatmatch-alert-types/README.md
index e69de29..9ccc39e 100644
--- a/threatmatch-alert-types/README.md
+++ b/threatmatch-alert-types/README.md
@@ -0,0 +1,3 @@
+## Alert types
+Alert tags are used by the ThreatMatch platform to categorise a relevant threat.
+Tags should be used for all CIISI and TIBER projects.
diff --git a/threatmatch-alert-types/machinetag.json b/threatmatch-alert-types/machinetag.json
index e69de29..38ac4a5 100644
--- a/threatmatch-alert-types/machinetag.json
+++ b/threatmatch-alert-types/machinetag.json
@@ -0,0 +1,99 @@ +{ + "namespace": "ThreatMatch", + "expanded": "Alert Types for Sharing into ThreatMatch and MISP.", + "version": 1, + "description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.", + "refs": [ + "https://www.secalliance.com/platform/", + "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" + ], + "predicates":[ + { + "value": "alert_type", + "expanded": "Alert type" + } + ], + "values": [ + { + "predicate": "alert_type", + "entry": [ + { + "value": "Actor Campaigns", + "expanded": "Actor Campaigns" + }, + { + "value": "Credential Breaches", + "expanded": "Credential Breaches" + }, + { + "value": "DDoS", + "expanded": "DDoS" + }, + { + "value": "Exploit Alert", + "expanded": "Exploit Alert" + }, + { + "value": "General Notification", + "expanded": "General Notification" + }, + { + "value": "High Impact Vulnerabilities", + "expanded": "High Impact Vulnerabilities" + }, + { + "value": "Information Leakages", + "expanded": "Information Leakages" + }, + { + "value": "Malware Analysis", + "expanded": "Malware Analysis" + }, + { + "value": "Nefarious Domains", + "expanded": "Nefarious Domains" + }, + { + "value": "Nefarious Forum Mention", + "expanded": "Nefarious Forum Mention" + }, + { + "value": "Pastebin Dumps", + "expanded": "Pastebin Dumps" + }, + { + "value": "Phishing Attempts", + "expanded": "Phishing Attempts" + }, + { + "value": "PII Exposure", + "expanded": "PII Exposure" + }, + { + "value": "Sensitive Information Disclosures", + "expanded": "Sensitive Information Disclosures" + }, + { + "value": "Social Media Alerts", + "expanded": "Social Media Alerts" + }, + { + "value": "Supply Chain Event", + "expanded": "Supply Chain Event" + }, + { + "value": "Technical Exposure", + "expanded": "Technical Exposure" + }, + { + "value": "Threat Actor Updates", + "expanded": "Threat Actor Updates" + }, + { + "value": "Trigger Events", + 
"expanded": "Trigger Events" + } + ] + } + ] +} diff --git a/threatmatch-incident-types/README.md b/threatmatch-incident-types/README.md index e69de29..1e95764 100644 --- a/threatmatch-incident-types/README.md +++ b/threatmatch-incident-types/README.md @@ -0,0 +1,3 @@ +## Incident types +Incident tags are used by the ThreatMatch platform to categorise a relevant incident event. +Tags should be used for all CIISI and TIBER projects. diff --git a/threatmatch-incident-types/machinetag.json b/threatmatch-incident-types/machinetag.json index e69de29..5fb7784 100644 --- a/threatmatch-incident-types/machinetag.json +++ b/threatmatch-incident-types/machinetag.json 
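Review bot: The `"namespace": "ThreatMatch"` line at the top of threatmatch-alert-types/machinetag.json is repeated unchanged in the incident-types, malware-types and sectors machinetag.json files added by this same patch, so four separate taxonomy files claim one namespace. If the consuming platform indexes taxonomies by namespace (the usual `namespace:predicate="value"` tag form suggests it does), the files would collide on import and only one set of predicates may end up enabled, which silently drops tags that sharing and filtering rules rely on. Either give each file a namespace that matches its directory, for example `"namespace": "threatmatch-alert-types"`, or merge the four predicates (`alert_type`, `incident_type`, `malware_type`, `sector`) into one taxonomy file under the single namespace.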
@@ -0,0 +1,175 @@ +{ + "namespace": "ThreatMatch", + "expanded": "Incident Types for Sharing into ThreatMatch and MISP", + "version": 1, + "description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.", + "refs": [ + "https://www.secalliance.com/platform/", + "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" + ], + "predicates":[ + { + "value": "incident_type", + "expanded": "Threat Match incident types" + } + ], + "values": [ + { + "predicate": "incident_type", + "entry": [ + { + "value": "ATM Attacks", + "expanded": "ATM Attacks" + }, + { + "value": "ATM Breach", + "expanded": "ATM Breach" + }, + { + "value": "Attempted Exploitation", + "expanded": "Attempted Exploitation" + }, + { + "value": "Botnet Activity", + "expanded": "Botnet Activity" + }, + { + "value": "Business Email Compromise", + "expanded": "Business Email Compromise" + }, + { + "value": "Crypto Mining", + "expanded": "Crypto Mining" + }, + { + "value": "Data Breach/Compromise", + "expanded": "Data Breach/Compromise" + }, + { + "value": "Data Dump", + "expanded": "Data Dump" + }, + { + "value": "Data Leakage", + "expanded": "Data Leakage" + }, + { + "value": "DDoS", + "expanded": "DDoS" + }, + { + "value": "Defacement Activity", + "expanded": "Defacement Activity" + }, + { + "value": "Denial of Service (DoS)", + "expanded": "Denial of Service (DoS)" + }, + { + "value": "Disruption Activity", + "expanded": "Disruption Activity" + }, + { + "value": "Espionage", + "expanded": "Espionage" + }, + { + "value": "Espionage Activity", + "expanded": "Espionage Activity" + }, + { + "value": "Exec Targeting ", + "expanded": "Exec Targeting " + }, + { + "value": "Exposure of Data", + "expanded": "Exposure of Data" + }, + { + "value": "Extortion Activity", + "expanded": "Extortion Activity" + }, + { + "value": "Fraud Activity", + "expanded": "Fraud Activity" + }, + { + "value": "General 
Notification", + "expanded": "General Notification" + }, + { + "value": "Hacktivism Activity", + "expanded": "Hacktivism Activity" + }, + { + "value": "Malicious Insider", + "expanded": "Malicious Insider" + }, + { + "value": "Malware Infection", + "expanded": "Malware Infection" + }, + { + "value": "Man in the Middle Attacks", + "expanded": "Man in the Middle Attacks" + }, + { + "value": "MFA Attack", + "expanded": "MFA Attack" + }, + { + "value": "Mobile Malware", + "expanded": "Mobile Malware" + }, + { + "value": "Phishing Activity", + "expanded": "Phishing Activity" + }, + { + "value": "Ransomware Activity", + "expanded": "Ransomware Activity" + }, + { + "value": "Social Engineering Activity", + "expanded": "Social Engineering Activity" + }, + { + "value": "Social Media Compromise", + "expanded": "Social Media Compromise" + }, + { + "value": "Spear-phishing Activity", + "expanded": "Spear-phishing Activity" + }, + { + "value": "Spyware", + "expanded": "Spyware" + }, + { + "value": "SQL Injection Activity", + "expanded": "SQL Injection Activity" + }, + { + "value": "Supply Chain Compromise", + "expanded": "Supply Chain Compromise" + }, + { + "value": "Trojanised Software", + "expanded": "Trojanised Software" + }, + { + "value": "Vishing", + "expanded": "Vishing" + }, + { + "value": "Website Attack (Other)", + "expanded": "Website Attack (Other)" + }, + { + "value": "Unknown", + "expanded": "Unknown" + } + ] + } + ] +} diff --git a/threatmatch-malware-types/README.md b/threatmatch-malware-types/README.md index e69de29..2a6c9df 100644 --- a/threatmatch-malware-types/README.md +++ b/threatmatch-malware-types/README.md @@ -0,0 +1,3 @@ +## Malware types +Malware tags are used by the ThreatMatch platform to categorise malware types. +Tags should be used for all CIISI and TIBER projects. diff --git a/threatmatch-malware-types/machinetag.json b/threatmatch-malware-types/machinetag.json index e69de29..ad889ad 100644 --- a/threatmatch-malware-types/machinetag.json 
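Review bot: The entry `"value": "Exec Targeting "` in the incident_type list carries a trailing space in both `value` and `expanded`, and that space becomes part of the tag string, so a filter, export rule or correlation written against `Exec Targeting` will not match events tagged from this file. It should read `"value": "Exec Targeting",` and `"expanded": "Exec Targeting"`; the malware-types file in this patch has the same slip in `"expanded": "Virus "`. The adjacent `Espionage` and `Espionage Activity` values also have no stated difference, which invites analysts to split one incident class across two tags; keep one of them or add a `description` that separates them.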
+++ b/threatmatch-malware-types/machinetag.json 
@@ -0,0 +1,116 @@ +{ + "namespace": "ThreatMatch", + "expanded": "Malware Types for Sharing into ThreatMatch and MISP", + "version": 1, + "description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.", + "refs": [ + "https://www.secalliance.com/platform/", + "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" + ], + "predicates":[ + { + "value": "malware_type", + "expanded": "Malware type" + } + ], + "values": [ + { + "predicate": "malware_type", + "entry": [ + { + "value": "Adware", + "expanded": "Adware" + }, + { + "value": "Backdoor", + "expanded": "Backdoor" + }, + { + "value": "Banking Trojan", + "expanded": "Banking Trojan" + }, + { + "value": "Botnet", + "expanded": "Botnet" + }, + { + "value": "Destructive", + "expanded": "Destructive" + }, + { + "value": "Downloader", + "expanded": "Downloader" + }, + { + "value": "Exploit Kit", + "expanded": "Exploit Kit" + }, + { + "value": "Fileless Malware", + "expanded": "Fileless Malware" + }, + { + "value": "Keylogger", + "expanded": "Keylogger" + }, + { + "value": "Legitimate Tool", + "expanded": "Legitimate Tool" + }, + { + "value": "Mobile Application", + "expanded": "Mobile Application" + }, + { + "value": "Mobile Malware", + "expanded": "Mobile Malware" + }, + { + "value": "Point-of-Sale (PoS)", + "expanded": "Point-of-Sale (PoS)" + }, + { + "value": "Remote Access Trojan", + "expanded": "Remote Access Trojan" + }, + { + "value": "Rootkit", + "expanded": "Rootkit" + }, + { + "value": "Skimmer", + "expanded": "Skimmer" + }, + { + "value": "Spyware", + "expanded": "Spyware" + }, + { + "value": "Surveillance Tool", + "expanded": "Surveillance Tool" + }, + { + "value": "Trojan", + "expanded": "Trojan" + }, + { + "value": "Virus", + "expanded": "Virus " + }, + { + "value": "Worm", + "expanded": "Worm" + }, + { + "value": "Zero-day", + "expanded": "Zero-day" + }, + { + "value": "Unknown", + "expanded": 
"Unknown" + } + ] + } + ] + + } diff --git a/threatmatch-sectors/README.md b/threatmatch-sectors/README.md index e69de29..ad6b550 100644 --- a/threatmatch-sectors/README.md +++ b/threatmatch-sectors/README.md @@ -0,0 +1,3 @@ +## Sector types +Extensive list of sector definition tags. +Tags should be used for all CIISI and TIBER projects. \ No newline at end of file diff --git a/threatmatch-sectors/machinetag.json b/threatmatch-sectors/machinetag.json index e69de29..297c4bf 100644 --- a/threatmatch-sectors/machinetag.json +++ b/threatmatch-sectors/machinetag.json 
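Review bot: Every malware_type entry sets `expanded` to a copy of `value`, so the file gives a tagger no definition for categories whose scope is not obvious, notably `Legitimate Tool`, `Mobile Application`, `Zero-day` and `Destructive`. Without a definition, two organisations sharing under this taxonomy can label the same sample differently and miss each other's reports when filtering by tag. I would add a one-line `"description"` to those entries stating what qualifies, for instance whether `Legitimate Tool` means dual-use administration software abused by an actor.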
@@ -0,0 +1,167 @@ +{ + "namespace": "ThreatMatch", + "expanded": "Sector Types for Sharing into ThreatMatch and MISP", + "version": 1, + "description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.", + "refs": [ + "https://www.secalliance.com/platform/", + "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" + ], + "predicates":[ + { + "value": "sector", + "expanded": "Threat Match sector definitions" + } + ], + "values": [ + { + "predicate": "sector", + "entry": [ + { + "value": "Banking & Capital Markets", + "expanded": "Banking & capital markets" + }, + { + "value": "Financial Services", + "expanded": "Financial Services" + }, + { + "value": "Insurance", + "expanded": "Insurance" + }, + { + "value": "Pension", + "expanded": "Pension" + }, + { + "value": "Government & Public Service", + "expanded": "Government & Public Service" + }, + { + "value": "Diplomatic Services", + "expanded": "Diplomatic Services" + }, + { + "value": "Energy, Utilities & Mining", + "expanded": "Energy, Utilities & Mining" + }, + { + "value": "Telecommunications", + "expanded": "Telecommunications" + }, + { + "value": "Technology", + "expanded": "Technology" + }, + { + "value": "Academic/Research Institutes", + "expanded": "Academic/Research Institutes" + }, + { + "value": "Aerospace, Defence & Security", + "expanded": "Aerospace, Defence & Security" + }, + { + "value": "Agriculture", + "expanded": "Agriculture" + }, + { + "value": "Asset & Wealth Management", + "expanded": "Asset & Wealth Management" + }, + { + "value": "Automotive", + "expanded": "Automotive" + }, + { + "value": "Business and Professional Services", + "expanded": "Business and Professional Services" + }, + { + "value": "Capital Projects & Infrastructure", + "expanded": "Capital Projects & Infrastructure" + }, + { + "value": "Charity/Not-for-Profit", + "expanded": "Charity/Not-for-Profit" + }, + { + "value": 
"Chemicals", + "expanded": "Chemicals" + }, + { + "value": "Commercial Aviation", + "expanded": "Commercial Aviation" + }, + { + "value": "Commodities", + "expanded": "Commodities" + }, + { + "value": "Education", + "expanded": "Education" + }, + { + "value": "Engineering & Construction", + "expanded": "Engineering & Construction" + }, + { + "value": "Entertainment & Media", + "expanded": "Entertainment & Media" + }, + { + "value": "Forest, Paper & Packaging", + "expanded": "Forest, Paper & Packaging" + }, + { + "value": "Healthcare", + "expanded": "Healthcare" + }, + { + "value": "Hospitality & Leisure", + "expanded": "Hospitality & Leisure" + }, + { + "value": "Industrial Manufacturing", + "expanded": "Industrial Manufacturing" + }, + { + "value": "IT Industry", + "expanded": "IT Industry" + }, + { + "value": "Legal", + "expanded": "Legal" + }, + { + "value": "Metals", + "expanded": "Metals" + }, + { + "value": "Pharmaceuticals & Life Sciences", + "expanded": "Pharmaceuticals & Life Sciences" + }, + { + "value": "Private Equity", + "expanded": "Private Equity" + }, + { + "value": "Retail & Consumer", + "expanded": "Retail & Consumer" + }, + { + "value": "Semiconductors", + "expanded": "Semiconductors" + }, + { + "value": "Sovereign Investment Funds", + "expanded": "Sovereign Investment Funds" + }, + { + "value": "Transport & Logistics", + "expanded": "Transport & Logistics" + } + ] + } + ] +} From 92f1f72c3eafa1854a35d568aadef8be4f4b6187 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 20 Aug 2020 13:45:23 +0200 Subject: [PATCH 3/4] chg: [threatmatch*] jq all the things --- threatmatch-alert-types/machinetag.json | 162 +++++------ threatmatch-incident-types/machinetag.json | 308 ++++++++++----------- threatmatch-malware-types/machinetag.json | 191 +++++++------ threatmatch-sectors/machinetag.json | 290 +++++++++---------- 4 files changed, 475 insertions(+), 476 deletions(-) 
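Review bot: The first sector entry is the only one whose `expanded` differs from its `value` (`"Banking & Capital Markets"` against `"Banking & capital markets"`); the casing should be made consistent, e.g. `"expanded": "Banking & Capital Markets"`. Several values in this list also overlap without explanation, such as `Technology` with `IT Industry` and `Education` with `Academic/Research Institutes`, so sector-based sharing rules may miss events depending on which label the submitter picked. A short `"description"` on the overlapping entries, or removing one of each pair, would make the tagging deterministic.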
diff --git a/threatmatch-alert-types/machinetag.json b/threatmatch-alert-types/machinetag.json index 38ac4a5..af96ce4 100644 --- a/threatmatch-alert-types/machinetag.json +++ b/threatmatch-alert-types/machinetag.json @@ -7,7 +7,7 @@ "https://www.secalliance.com/platform/", "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" ], - "predicates":[ + "predicates": [ { "value": "alert_type", "expanded": "Alert type" 
@@ -15,85 +15,85 @@ ], "values": [ { - "predicate": "alert_type", - "entry": [ - { - "value": "Actor Campaigns", - "expanded": "Actor Campaigns" - }, - { - "value": "Credential Breaches", - "expanded": "Credential Breaches" - }, - { - "value": "DDoS", - "expanded": "DDoS" - }, - { - "value": "Exploit Alert", - "expanded": "Exploit Alert" - }, - { - "value": "General Notification", - "expanded": "General Notification" - }, - { - "value": "High Impact Vulnerabilities", - "expanded": "High Impact Vulnerabilities" - }, - { - "value": "Information Leakages", - "expanded": "Information Leakages" - }, - { - "value": "Malware Analysis", - "expanded": "Malware Analysis" - }, - { - "value": "Nefarious Domains", - "expanded": "Nefarious Domains" - }, - { - "value": "Nefarious Forum Mention", - "expanded": "Nefarious Forum Mention" - }, - { - "value": "Pastebin Dumps", - "expanded": "Pastebin Dumps" - }, - { - "value": "Phishing Attempts", - "expanded": "Phishing Attempts" - }, - { - "value": "PII Exposure", - "expanded": "PII Exposure" - }, - { - "value": "Sensitive Information Disclosures", - "expanded": "Sensitive Information Disclosures" - }, - { - "value": "Social Media Alerts", - "expanded": "Social Media Alerts" - }, - { - "value": "Supply Chain Event", - "expanded": "Supply Chain Event" - }, - { - "value": "Technical Exposure", - "expanded": "Technical Exposure" - }, - { - "value": "Threat Actor Updates", - "expanded": "Threat Actor Updates" - }, - { - "value": "Trigger Events", - "expanded": "Trigger Events" - } - ] - } + "predicate": "alert_type", + "entry": [ + { + "value": "Actor Campaigns", + "expanded": "Actor Campaigns" + }, + { + "value": "Credential Breaches", + "expanded": "Credential Breaches" + }, + { + "value": "DDoS", + "expanded": "DDoS" + }, + { + "value": "Exploit Alert", + "expanded": "Exploit Alert" + }, + { + "value": "General Notification", + "expanded": "General Notification" + }, + { + "value": "High Impact Vulnerabilities", + "expanded": "High 
Impact Vulnerabilities" + }, + { + "value": "Information Leakages", + "expanded": "Information Leakages" + }, + { + "value": "Malware Analysis", + "expanded": "Malware Analysis" + }, + { + "value": "Nefarious Domains", + "expanded": "Nefarious Domains" + }, + { + "value": "Nefarious Forum Mention", + "expanded": "Nefarious Forum Mention" + }, + { + "value": "Pastebin Dumps", + "expanded": "Pastebin Dumps" + }, + { + "value": "Phishing Attempts", + "expanded": "Phishing Attempts" + }, + { + "value": "PII Exposure", + "expanded": "PII Exposure" + }, + { + "value": "Sensitive Information Disclosures", + "expanded": "Sensitive Information Disclosures" + }, + { + "value": "Social Media Alerts", + "expanded": "Social Media Alerts" + }, + { + "value": "Supply Chain Event", + "expanded": "Supply Chain Event" + }, + { + "value": "Technical Exposure", + "expanded": "Technical Exposure" + }, + { + "value": "Threat Actor Updates", + "expanded": "Threat Actor Updates" + }, + { + "value": "Trigger Events", + "expanded": "Trigger Events" + } + ] + } ] } diff --git a/threatmatch-incident-types/machinetag.json b/threatmatch-incident-types/machinetag.json index 5fb7784..0f47736 100644 --- a/threatmatch-incident-types/machinetag.json +++ b/threatmatch-incident-types/machinetag.json @@ -7,7 +7,7 @@ "https://www.secalliance.com/platform/", "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" ], - "predicates":[ + "predicates": [ { "value": "incident_type", "expanded": "Threat Match incident types" 
@@ -17,159 +17,159 @@ { "predicate": "incident_type", "entry": [ - { - "value": "ATM Attacks", - "expanded": "ATM Attacks" - }, - { - "value": "ATM Breach", - "expanded": "ATM Breach" - }, - { - "value": "Attempted Exploitation", - "expanded": "Attempted Exploitation" - }, - { - "value": "Botnet Activity", - "expanded": "Botnet Activity" - }, - { - "value": "Business Email Compromise", - "expanded": "Business Email Compromise" - }, - { - "value": "Crypto Mining", - "expanded": "Crypto Mining" - }, - { - "value": "Data Breach/Compromise", - "expanded": "Data Breach/Compromise" - }, - { - "value": "Data Dump", - "expanded": "Data Dump" - }, - { - "value": "Data Leakage", - "expanded": "Data Leakage" - }, - { - "value": "DDoS", - "expanded": "DDoS" - }, - { - "value": "Defacement Activity", - "expanded": "Defacement Activity" - }, - { - "value": "Denial of Service (DoS)", - "expanded": "Denial of Service (DoS)" - }, - { - "value": "Disruption Activity", - "expanded": "Disruption Activity" - }, - { - "value": "Espionage", - "expanded": "Espionage" - }, - { - "value": "Espionage Activity", - "expanded": "Espionage Activity" - }, - { - "value": "Exec Targeting ", - "expanded": "Exec Targeting " - }, - { - "value": "Exposure of Data", - "expanded": "Exposure of Data" - }, - { - "value": "Extortion Activity", - "expanded": "Extortion Activity" - }, - { - "value": "Fraud Activity", - "expanded": "Fraud Activity" - }, - { - "value": "General Notification", - "expanded": "General Notification" - }, - { - "value": "Hacktivism Activity", - "expanded": "Hacktivism Activity" - }, - { - "value": "Malicious Insider", - "expanded": "Malicious Insider" - }, - { - "value": "Malware Infection", - "expanded": "Malware Infection" - }, - { - "value": "Man in the Middle Attacks", - "expanded": "Man in the Middle Attacks" - }, - { - "value": "MFA Attack", - "expanded": "MFA Attack" - }, - { - "value": "Mobile Malware", - "expanded": "Mobile Malware" - }, - { - "value": "Phishing Activity", 
- "expanded": "Phishing Activity" - }, - { - "value": "Ransomware Activity", - "expanded": "Ransomware Activity" - }, - { - "value": "Social Engineering Activity", - "expanded": "Social Engineering Activity" - }, - { - "value": "Social Media Compromise", - "expanded": "Social Media Compromise" - }, - { - "value": "Spear-phishing Activity", - "expanded": "Spear-phishing Activity" - }, - { - "value": "Spyware", - "expanded": "Spyware" - }, - { - "value": "SQL Injection Activity", - "expanded": "SQL Injection Activity" - }, - { - "value": "Supply Chain Compromise", - "expanded": "Supply Chain Compromise" - }, - { - "value": "Trojanised Software", - "expanded": "Trojanised Software" - }, - { - "value": "Vishing", - "expanded": "Vishing" - }, - { - "value": "Website Attack (Other)", - "expanded": "Website Attack (Other)" - }, - { - "value": "Unknown", - "expanded": "Unknown" - } - ] + { + "value": "ATM Attacks", + "expanded": "ATM Attacks" + }, + { + "value": "ATM Breach", + "expanded": "ATM Breach" + }, + { + "value": "Attempted Exploitation", + "expanded": "Attempted Exploitation" + }, + { + "value": "Botnet Activity", + "expanded": "Botnet Activity" + }, + { + "value": "Business Email Compromise", + "expanded": "Business Email Compromise" + }, + { + "value": "Crypto Mining", + "expanded": "Crypto Mining" + }, + { + "value": "Data Breach/Compromise", + "expanded": "Data Breach/Compromise" + }, + { + "value": "Data Dump", + "expanded": "Data Dump" + }, + { + "value": "Data Leakage", + "expanded": "Data Leakage" + }, + { + "value": "DDoS", + "expanded": "DDoS" + }, + { + "value": "Defacement Activity", + "expanded": "Defacement Activity" + }, + { + "value": "Denial of Service (DoS)", + "expanded": "Denial of Service (DoS)" + }, + { + "value": "Disruption Activity", + "expanded": "Disruption Activity" + }, + { + "value": "Espionage", + "expanded": "Espionage" + }, + { + "value": "Espionage Activity", + "expanded": "Espionage Activity" + }, + { + "value": "Exec Targeting 
", + "expanded": "Exec Targeting " + }, + { + "value": "Exposure of Data", + "expanded": "Exposure of Data" + }, + { + "value": "Extortion Activity", + "expanded": "Extortion Activity" + }, + { + "value": "Fraud Activity", + "expanded": "Fraud Activity" + }, + { + "value": "General Notification", + "expanded": "General Notification" + }, + { + "value": "Hacktivism Activity", + "expanded": "Hacktivism Activity" + }, + { + "value": "Malicious Insider", + "expanded": "Malicious Insider" + }, + { + "value": "Malware Infection", + "expanded": "Malware Infection" + }, + { + "value": "Man in the Middle Attacks", + "expanded": "Man in the Middle Attacks" + }, + { + "value": "MFA Attack", + "expanded": "MFA Attack" + }, + { + "value": "Mobile Malware", + "expanded": "Mobile Malware" + }, + { + "value": "Phishing Activity", + "expanded": "Phishing Activity" + }, + { + "value": "Ransomware Activity", + "expanded": "Ransomware Activity" + }, + { + "value": "Social Engineering Activity", + "expanded": "Social Engineering Activity" + }, + { + "value": "Social Media Compromise", + "expanded": "Social Media Compromise" + }, + { + "value": "Spear-phishing Activity", + "expanded": "Spear-phishing Activity" + }, + { + "value": "Spyware", + "expanded": "Spyware" + }, + { + "value": "SQL Injection Activity", + "expanded": "SQL Injection Activity" + }, + { + "value": "Supply Chain Compromise", + "expanded": "Supply Chain Compromise" + }, + { + "value": "Trojanised Software", + "expanded": "Trojanised Software" + }, + { + "value": "Vishing", + "expanded": "Vishing" + }, + { + "value": "Website Attack (Other)", + "expanded": "Website Attack (Other)" + }, + { + "value": "Unknown", + "expanded": "Unknown" + } + ] } ] } diff --git a/threatmatch-malware-types/machinetag.json b/threatmatch-malware-types/machinetag.json index ad889ad..acc80dd 100644 --- a/threatmatch-malware-types/machinetag.json +++ b/threatmatch-malware-types/machinetag.json 
@@ -7,7 +7,7 @@ "https://www.secalliance.com/platform/", "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" ], - "predicates":[ + "predicates": [ { "value": "malware_type", "expanded": "Malware type" 
@@ -17,100 +17,99 @@ { "predicate": "malware_type", "entry": [ - { - "value": "Adware", - "expanded": "Adware" - }, - { - "value": "Backdoor", - "expanded": "Backdoor" - }, - { - "value": "Banking Trojan", - "expanded": "Banking Trojan" - }, - { - "value": "Botnet", - "expanded": "Botnet" - }, - { - "value": "Destructive", - "expanded": "Destructive" - }, - { - "value": "Downloader", - "expanded": "Downloader" - }, - { - "value": "Exploit Kit", - "expanded": "Exploit Kit" - }, - { - "value": "Fileless Malware", - "expanded": "Fileless Malware" - }, - { - "value": "Keylogger", - "expanded": "Keylogger" - }, - { - "value": "Legitimate Tool", - "expanded": "Legitimate Tool" - }, - { - "value": "Mobile Application", - "expanded": "Mobile Application" - }, - { - "value": "Mobile Malware", - "expanded": "Mobile Malware" - }, - { - "value": "Point-of-Sale (PoS)", - "expanded": "Point-of-Sale (PoS)" - }, - { - "value": "Remote Access Trojan", - "expanded": "Remote Access Trojan" - }, - { - "value": "Rootkit", - "expanded": "Rootkit" - }, - { - "value": "Skimmer", - "expanded": "Skimmer" - }, - { - "value": "Spyware", - "expanded": "Spyware" - }, - { - "value": "Surveillance Tool", - "expanded": "Surveillance Tool" - }, - { - "value": "Trojan", - "expanded": "Trojan" - }, - { - "value": "Virus", - "expanded": "Virus " - }, - { - "value": "Worm", - "expanded": "Worm" - }, - { - "value": "Zero-day", - "expanded": "Zero-day" - }, - { - "value": "Unknown", - "expanded": "Unknown" - } - ] + { + "value": "Adware", + "expanded": "Adware" + }, + { + "value": "Backdoor", + "expanded": "Backdoor" + }, + { + "value": "Banking Trojan", + "expanded": "Banking Trojan" + }, + { + "value": "Botnet", + "expanded": "Botnet" + }, + { + "value": "Destructive", + "expanded": "Destructive" + }, + { + "value": "Downloader", + "expanded": "Downloader" + }, + { + "value": "Exploit Kit", + "expanded": "Exploit Kit" + }, + { + "value": "Fileless Malware", + "expanded": "Fileless Malware" + }, + { + 
"value": "Keylogger", + "expanded": "Keylogger" + }, + { + "value": "Legitimate Tool", + "expanded": "Legitimate Tool" + }, + { + "value": "Mobile Application", + "expanded": "Mobile Application" + }, + { + "value": "Mobile Malware", + "expanded": "Mobile Malware" + }, + { + "value": "Point-of-Sale (PoS)", + "expanded": "Point-of-Sale (PoS)" + }, + { + "value": "Remote Access Trojan", + "expanded": "Remote Access Trojan" + }, + { + "value": "Rootkit", + "expanded": "Rootkit" + }, + { + "value": "Skimmer", + "expanded": "Skimmer" + }, + { + "value": "Spyware", + "expanded": "Spyware" + }, + { + "value": "Surveillance Tool", + "expanded": "Surveillance Tool" + }, + { + "value": "Trojan", + "expanded": "Trojan" + }, + { + "value": "Virus", + "expanded": "Virus " + }, + { + "value": "Worm", + "expanded": "Worm" + }, + { + "value": "Zero-day", + "expanded": "Zero-day" + }, + { + "value": "Unknown", + "expanded": "Unknown" + } + ] } ] - - } +} diff --git a/threatmatch-sectors/machinetag.json b/threatmatch-sectors/machinetag.json index 297c4bf..6aa690f 100644 --- a/threatmatch-sectors/machinetag.json +++ b/threatmatch-sectors/machinetag.json @@ -7,7 +7,7 @@ "https://www.secalliance.com/platform/", "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html" ], - "predicates":[ + "predicates": [ { "value": "sector", "expanded": "Threat Match sector definitions" 
@@ -17,150 +17,150 @@
 {
 "predicate": "sector",
 "entry": [
- {
- "value": "Banking & Capital Markets",
- "expanded": "Banking & capital markets"
- },
- {
- "value": "Financial Services",
- "expanded": "Financial Services"
- },
- {
- "value": "Insurance",
- "expanded": "Insurance"
- },
- {
- "value": "Pension",
- "expanded": "Pension"
- },
- {
- "value": "Government & Public Service",
- "expanded": "Government & Public Service"
- },
- {
- "value": "Diplomatic Services",
- "expanded": "Diplomatic Services"
- },
- {
- "value": "Energy, Utilities & Mining",
- "expanded": "Energy, Utilities & Mining"
- },
- {
- "value": "Telecommunications",
- "expanded": "Telecommunications"
- },
- {
- "value": "Technology",
- "expanded": "Technology"
- },
- {
- "value": "Academic/Research Institutes",
- "expanded": "Academic/Research Institutes"
- },
- {
- "value": "Aerospace, Defence & Security",
- "expanded": "Aerospace, Defence & Security"
- },
- {
- "value": "Agriculture",
- "expanded": "Agriculture"
- },
- {
- "value": "Asset & Wealth Management",
- "expanded": "Asset & Wealth Management"
- },
- {
- "value": "Automotive",
- "expanded": "Automotive"
- },
- {
- "value": "Business and Professional Services",
- "expanded": "Business and Professional Services"
- },
- {
- "value": "Capital Projects & Infrastructure",
- "expanded": "Capital Projects & Infrastructure"
- },
- {
- "value": "Charity/Not-for-Profit",
- "expanded": "Charity/Not-for-Profit"
- },
- {
- "value": "Chemicals",
- "expanded": "Chemicals"
- },
- {
- "value": "Commercial Aviation",
- "expanded": "Commercial Aviation"
- },
- {
- "value": "Commodities",
- "expanded": "Commodities"
- },
- {
- "value": "Education",
- "expanded": "Education"
- },
- {
- "value": "Engineering & Construction",
- "expanded": "Engineering & Construction"
- },
- {
- "value": "Entertainment & Media",
- "expanded": "Entertainment & Media"
- },
- {
- "value": "Forest, Paper & Packaging",
- "expanded": "Forest, Paper & Packaging"
- },
- {
- "value": "Healthcare",
- "expanded": "Healthcare"
- },
- {
- "value": "Hospitality & Leisure",
- "expanded": "Hospitality & Leisure"
- },
- {
- "value": "Industrial Manufacturing",
- "expanded": "Industrial Manufacturing"
- },
- {
- "value": "IT Industry",
- "expanded": "IT Industry"
- },
- {
- "value": "Legal",
- "expanded": "Legal"
- },
- {
- "value": "Metals",
- "expanded": "Metals"
- },
- {
- "value": "Pharmaceuticals & Life Sciences",
- "expanded": "Pharmaceuticals & Life Sciences"
- },
- {
- "value": "Private Equity",
- "expanded": "Private Equity"
- },
- {
- "value": "Retail & Consumer",
- "expanded": "Retail & Consumer"
- },
- {
- "value": "Semiconductors",
- "expanded": "Semiconductors"
- },
- {
- "value": "Sovereign Investment Funds",
- "expanded": "Sovereign Investment Funds"
- },
- {
- "value": "Transport & Logistics",
- "expanded": "Transport & Logistics"
- }
+ {
+ "value": "Banking & Capital Markets",
+ "expanded": "Banking & capital markets"
+ },
+ {
+ "value": "Financial Services",
+ "expanded": "Financial Services"
+ },
+ {
+ "value": "Insurance",
+ "expanded": "Insurance"
+ },
+ {
+ "value": "Pension",
+ "expanded": "Pension"
+ },
+ {
+ "value": "Government & Public Service",
+ "expanded": "Government & Public Service"
+ },
+ {
+ "value": "Diplomatic Services",
+ "expanded": "Diplomatic Services"
+ },
+ {
+ "value": "Energy, Utilities & Mining",
+ "expanded": "Energy, Utilities & Mining"
+ },
+ {
+ "value": "Telecommunications",
+ "expanded": "Telecommunications"
+ },
+ {
+ "value": "Technology",
+ "expanded": "Technology"
+ },
+ {
+ "value": "Academic/Research Institutes",
+ "expanded": "Academic/Research Institutes"
+ },
+ {
+ "value": "Aerospace, Defence & Security",
+ "expanded": "Aerospace, Defence & Security"
+ },
+ {
+ "value": "Agriculture",
+ "expanded": "Agriculture"
+ },
+ {
+ "value": "Asset & Wealth Management",
+ "expanded": "Asset & Wealth Management"
+ },
+ {
+ "value": "Automotive",
+ "expanded": "Automotive"
+ },
+ {
+ "value": "Business and Professional Services",
+ "expanded": "Business and Professional Services"
+ },
+ {
+ "value": "Capital Projects & Infrastructure",
+ "expanded": "Capital Projects & Infrastructure"
+ },
+ {
+ "value": "Charity/Not-for-Profit",
+ "expanded": "Charity/Not-for-Profit"
+ },
+ {
+ "value": "Chemicals",
+ "expanded": "Chemicals"
+ },
+ {
+ "value": "Commercial Aviation",
+ "expanded": "Commercial Aviation"
+ },
+ {
+ "value": "Commodities",
+ "expanded": "Commodities"
+ },
+ {
+ "value": "Education",
+ "expanded": "Education"
+ },
+ {
+ "value": "Engineering & Construction",
+ "expanded": "Engineering & Construction"
+ },
+ {
+ "value": "Entertainment & Media",
+ "expanded": "Entertainment & Media"
+ },
+ {
+ "value": "Forest, Paper & Packaging",
+ "expanded": "Forest, Paper & Packaging"
+ },
+ {
+ "value": "Healthcare",
+ "expanded": "Healthcare"
+ },
+ {
+ "value": "Hospitality & Leisure",
+ "expanded": "Hospitality & Leisure"
+ },
+ {
+ "value": "Industrial Manufacturing",
+ "expanded": "Industrial Manufacturing"
+ },
+ {
+ "value": "IT Industry",
+ "expanded": "IT Industry"
+ },
+ {
+ "value": "Legal",
+ "expanded": "Legal"
+ },
+ {
+ "value": "Metals",
+ "expanded": "Metals"
+ },
+ {
+ "value": "Pharmaceuticals & Life Sciences",
+ "expanded": "Pharmaceuticals & Life Sciences"
+ },
+ {
+ "value": "Private Equity",
+ "expanded": "Private Equity"
+ },
+ {
+ "value": "Retail & Consumer",
+ "expanded": "Retail & Consumer"
+ },
+ {
+ "value": "Semiconductors",
+ "expanded": "Semiconductors"
+ },
+ {
+ "value": "Sovereign Investment Funds",
+ "expanded": "Sovereign Investment Funds"
+ },
+ {
+ "value": "Transport & Logistics",
+ "expanded": "Transport & Logistics"
+ }
 ]
 }
 ]
From eb18a1309cd04b1720eb5c0fd3c3d305df121543 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 20 Aug 2020 13:46:02 +0200
Subject: [PATCH 4/4] chg: [MANIFEST] regenerated
---
 MANIFEST.json | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index e19b550..c7e6fb2 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -409,9 +409,9 @@
 "version": 2
 },
 {
- "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical 'News' Sources by Melissa Zimdars 2019",
+ "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019",
 "name": "misinformation-website-label",
- "version": "1"
+ "version": 1
 },
 {
 "description": "MISP taxonomy to infer with MISP behavior or operation.",
@@ -543,6 +543,26 @@
 "name": "targeted-threat-index",
 "version": 3
 },
+ {
+ "description": "The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "name": "ThreatMatch",
+ "version": 1
+ },
+ {
+ "description": "The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "name": "ThreatMatch",
+ "version": 1
+ },
+ {
+ "description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "name": "ThreatMatch",
+ "version": 1
+ },
+ {
+ "description": "The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
+ "name": "ThreatMatch",
+ "version": 1
+ },
 {
 "description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614",
 "name": "threats-to-dns",
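Review bot: The four entries added in the `@@ -543,6 +543,26 @@` hunk all carry `"name": "ThreatMatch"`, so the manifest cannot tell the alert, incident, malware and sector taxonomies apart. None of the four names matches a directory this patch series creates (`threatmatch-alert-types`, `threatmatch-incident-types`, `threatmatch-malware-types`, `threatmatch-sectors`). The neighbouring entries (`misinformation-website-label`, `threats-to-dns`) use hyphenated lowercase names, and a consumer that joins the manifest's `url` with `name` to fetch `machinetag.json` (presumably how this index is used; confirm against the loader) would not find any of the four, leaving analysts without these tags. Because the file is regenerated, the fix likely belongs in whatever field the generator reads from each taxonomy, so that the entries come out as, for example, `"name": "threatmatch-alert-types"`. A CI check that every manifest `name` is unique and resolves to an existing `<name>/machinetag.json` would catch this before release.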
@@ -590,5 +610,5 @@
 }
 ],
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
- "version": "20200612"
+ "version": "20200820"
 }