MISP mapping changed key as object to add optional fields like colour,

description.
pull/44/head
Alexandre Dulaunoy 2016-10-27 10:04:33 +02:00
parent e4b88466ba
commit b62d5e577d
1 changed files with 57 additions and 42 deletions

View File

@ -1,5 +1,52 @@
{ {
"ransomware": [ "DDoS": {
"values": [
"ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"",
"ms-caro-malware:malware-type=\"DDoS\"",
"circl:incident-classification=\"denial-of-service\"",
"enisa:nefarious-activity-abuse=\"denial-of-service\""
]
},
"SQLi": {
"values": [
"circl:incident-classification=\"sql-injection\"",
"veris:action:malware:variety=\"SQL injection\"",
"veris:action:hacking:variety=\"SQLi\"",
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
"europol-event:sql-injection"
]
},
"rootkit": {
"values": [
"veris:action:malware:variety=\"Rootkit\"",
"enisa:nefarious-activity-abuse=\"rootkits\"",
"malware_classification:malware-category=\"Rootkit\""
]
},
"exploit": {
"values": [
"veris:action:malware:variety=\"Exploit vuln\"",
"ecsirt:intrusion-attempts=\"exploit\"",
"europol-event:exploit",
"europol-incident:intrusion=\"exploitation-vulnerability\"",
"ms-caro-malware:malware-type=\"Exploit\""
]
},
"malware": {
"values": [
"ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\""
]
},
"Remote Access Tool": {
"values": [
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
"ms-caro-malware:malware-type=\"RemoteAccess\""
]
},
"ransomware": {
"values": [
"veris:action:malware:variety=\"Ransomware\"", "veris:action:malware:variety=\"Ransomware\"",
"ecsirt:malicious-code=\"ransomware\"", "ecsirt:malicious-code=\"ransomware\"",
"enisa:nefarious-activity-abuse=\"ransomware\"", "enisa:nefarious-activity-abuse=\"ransomware\"",
@ -7,38 +54,6 @@
"ms-caro-malware:malware-type=\"Ransom\"", "ms-caro-malware:malware-type=\"Ransom\"",
"veris:action:malware:variety=\"Ransomware\"" "veris:action:malware:variety=\"Ransomware\""
], ],
"Remote Access Tool": [ "description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
"enisa:nefarious-activity-abuse=\"remote-access-tool\"", }
"ms-caro-malware:malware-type=\"RemoteAccess\""
],
"malware": [
"ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\""
],
"exploit": [
"veris:action:malware:variety=\"Exploit vuln\"",
"ecsirt:intrusion-attempts=\"exploit\"",
"europol-event:exploit",
"europol-incident:intrusion=\"exploitation-vulnerability\"",
"ms-caro-malware:malware-type=\"Exploit\""
],
"rootkit": [
"veris:action:malware:variety=\"Rootkit\"",
"enisa:nefarious-activity-abuse=\"rootkits\"",
"malware_classification:malware-category=\"Rootkit\""
],
"SQLi": [
"circl:incident-classification=\"sql-injection\"",
"veris:action:malware:variety=\"SQL injection\"",
"veris:action:hacking:variety=\"SQLi\"",
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
"europol-event:sql-injection"
],
"DDoS": [
"ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"",
"ms-caro-malware:malware-type=\"DDoS\"",
"circl:incident-classification=\"denial-of-service\"",
"enisa:nefarious-activity-abuse=\"denial-of-service\""
]
} }