From b62d5e577d4190fd26a1384d7fffd98fb2f4b661 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 27 Oct 2016 10:04:33 +0200
Subject: [PATCH] MISP mapping changed key as object to add optional fields like colour, description.
---
 mapping/mapping.json | 99 +++++++++++++++++++++++++-------------------
 1 file changed, 57 insertions(+), 42 deletions(-)
diff --git a/mapping/mapping.json b/mapping/mapping.json
index bf39f41..c5ef7ed 100644
--- a/mapping/mapping.json
+++ b/mapping/mapping.json
@@ -1,44 +1,59 @@
 {
- "ransomware": [
- "veris:action:malware:variety=\"Ransomware\"",
- "ecsirt:malicious-code=\"ransomware\"",
- "enisa:nefarious-activity-abuse=\"ransomware\"",
- "malware_classification:malware-category=\"Ransomware\"",
- "ms-caro-malware:malware-type=\"Ransom\"",
- "veris:action:malware:variety=\"Ransomware\""
- ],
- "Remote Access Tool": [
- "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
- "ms-caro-malware:malware-type=\"RemoteAccess\""
- ],
- "malware": [
- "ecsirt:malicious-code=\"malware\"",
- "circl:incident-classification=\"malware\""
- ],
- "exploit": [
- "veris:action:malware:variety=\"Exploit vuln\"",
- "ecsirt:intrusion-attempts=\"exploit\"",
- "europol-event:exploit",
- "europol-incident:intrusion=\"exploitation-vulnerability\"",
- "ms-caro-malware:malware-type=\"Exploit\""
- ],
- "rootkit": [
- "veris:action:malware:variety=\"Rootkit\"",
- "enisa:nefarious-activity-abuse=\"rootkits\"",
- "malware_classification:malware-category=\"Rootkit\""
- ],
- "SQLi": [
- "circl:incident-classification=\"sql-injection\"",
- "veris:action:malware:variety=\"SQL injection\"",
- "veris:action:hacking:variety=\"SQLi\"",
- "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
- "europol-event:sql-injection"
- ],
- "DDoS": [
- "ecsirt:availability=\"ddos\"",
- "europol-incident:availability=\"dos-ddos\"",
- "ms-caro-malware:malware-type=\"DDoS\"",
- "circl:incident-classification=\"denial-of-service\"",
- "enisa:nefarious-activity-abuse=\"denial-of-service\""
- ]
+ "DDoS": {
+ "values": [
+ "ecsirt:availability=\"ddos\"",
+ "europol-incident:availability=\"dos-ddos\"",
+ "ms-caro-malware:malware-type=\"DDoS\"",
+ "circl:incident-classification=\"denial-of-service\"",
+ "enisa:nefarious-activity-abuse=\"denial-of-service\""
+ ]
+ },
+ "SQLi": {
+ "values": [
+ "circl:incident-classification=\"sql-injection\"",
+ "veris:action:malware:variety=\"SQL injection\"",
+ "veris:action:hacking:variety=\"SQLi\"",
+ "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
+ "europol-event:sql-injection"
+ ]
+ },
+ "rootkit": {
+ "values": [
+ "veris:action:malware:variety=\"Rootkit\"",
+ "enisa:nefarious-activity-abuse=\"rootkits\"",
+ "malware_classification:malware-category=\"Rootkit\""
+ ]
+ },
+ "exploit": {
+ "values": [
+ "veris:action:malware:variety=\"Exploit vuln\"",
+ "ecsirt:intrusion-attempts=\"exploit\"",
+ "europol-event:exploit",
+ "europol-incident:intrusion=\"exploitation-vulnerability\"",
+ "ms-caro-malware:malware-type=\"Exploit\""
+ ]
+ },
+ "malware": {
+ "values": [
+ "ecsirt:malicious-code=\"malware\"",
+ "circl:incident-classification=\"malware\""
+ ]
+ },
+ "Remote Access Tool": {
+ "values": [
+ "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
+ "ms-caro-malware:malware-type=\"RemoteAccess\""
+ ]
+ },
+ "ransomware": {
+ "values": [
+ "veris:action:malware:variety=\"Ransomware\"",
+ "ecsirt:malicious-code=\"ransomware\"",
+ "enisa:nefarious-activity-abuse=\"ransomware\"",
+ "malware_classification:malware-category=\"Ransomware\"",
+ "ms-caro-malware:malware-type=\"Ransom\"",
+ "veris:action:malware:variety=\"Ransomware\""
+ ],
+ "description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
+ }
 }
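Review bot: The `ransomware` `values` array lists `veris:action:malware:variety=\"Ransomware\"` twice, as its first and last entry; the duplicate was carried over unchanged from the old array and should be dropped so that `"ms-caro-malware:malware-type=\"Ransom\""` becomes the final element. Separately, every top-level value changes from an array to an object with no version or schema marker in the file, so a consumer that still iterates `mapping[key]` directly would see the keys `values` and `description` instead of taxonomy tags and could silently mis-tag or drop classifications. No consumer is visible in this patch, so it is worth confirming that readers are updated in the same release. Only `ransomware` carries a `description`, so readers must treat that field (and the `colour` field mentioned in the subject) as optional.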