MISP mapping changed key as object to add optional fields like colour,
description.pull/44/head
parent
e4b88466ba
commit
b62d5e577d
|
@ -1,5 +1,52 @@
|
|||
{
|
||||
"ransomware": [
|
||||
"DDoS": {
|
||||
"values": [
|
||||
"ecsirt:availability=\"ddos\"",
|
||||
"europol-incident:availability=\"dos-ddos\"",
|
||||
"ms-caro-malware:malware-type=\"DDoS\"",
|
||||
"circl:incident-classification=\"denial-of-service\"",
|
||||
"enisa:nefarious-activity-abuse=\"denial-of-service\""
|
||||
]
|
||||
},
|
||||
"SQLi": {
|
||||
"values": [
|
||||
"circl:incident-classification=\"sql-injection\"",
|
||||
"veris:action:malware:variety=\"SQL injection\"",
|
||||
"veris:action:hacking:variety=\"SQLi\"",
|
||||
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
|
||||
"europol-event:sql-injection"
|
||||
]
|
||||
},
|
||||
"rootkit": {
|
||||
"values": [
|
||||
"veris:action:malware:variety=\"Rootkit\"",
|
||||
"enisa:nefarious-activity-abuse=\"rootkits\"",
|
||||
"malware_classification:malware-category=\"Rootkit\""
|
||||
]
|
||||
},
|
||||
"exploit": {
|
||||
"values": [
|
||||
"veris:action:malware:variety=\"Exploit vuln\"",
|
||||
"ecsirt:intrusion-attempts=\"exploit\"",
|
||||
"europol-event:exploit",
|
||||
"europol-incident:intrusion=\"exploitation-vulnerability\"",
|
||||
"ms-caro-malware:malware-type=\"Exploit\""
|
||||
]
|
||||
},
|
||||
"malware": {
|
||||
"values": [
|
||||
"ecsirt:malicious-code=\"malware\"",
|
||||
"circl:incident-classification=\"malware\""
|
||||
]
|
||||
},
|
||||
"Remote Access Tool": {
|
||||
"values": [
|
||||
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
||||
"ms-caro-malware:malware-type=\"RemoteAccess\""
|
||||
]
|
||||
},
|
||||
"ransomware": {
|
||||
"values": [
|
||||
"veris:action:malware:variety=\"Ransomware\"",
|
||||
"ecsirt:malicious-code=\"ransomware\"",
|
||||
"enisa:nefarious-activity-abuse=\"ransomware\"",
|
||||
|
@ -7,38 +54,6 @@
|
|||
"ms-caro-malware:malware-type=\"Ransom\"",
|
||||
"veris:action:malware:variety=\"Ransomware\""
|
||||
],
|
||||
"Remote Access Tool": [
|
||||
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
||||
"ms-caro-malware:malware-type=\"RemoteAccess\""
|
||||
],
|
||||
"malware": [
|
||||
"ecsirt:malicious-code=\"malware\"",
|
||||
"circl:incident-classification=\"malware\""
|
||||
],
|
||||
"exploit": [
|
||||
"veris:action:malware:variety=\"Exploit vuln\"",
|
||||
"ecsirt:intrusion-attempts=\"exploit\"",
|
||||
"europol-event:exploit",
|
||||
"europol-incident:intrusion=\"exploitation-vulnerability\"",
|
||||
"ms-caro-malware:malware-type=\"Exploit\""
|
||||
],
|
||||
"rootkit": [
|
||||
"veris:action:malware:variety=\"Rootkit\"",
|
||||
"enisa:nefarious-activity-abuse=\"rootkits\"",
|
||||
"malware_classification:malware-category=\"Rootkit\""
|
||||
],
|
||||
"SQLi": [
|
||||
"circl:incident-classification=\"sql-injection\"",
|
||||
"veris:action:malware:variety=\"SQL injection\"",
|
||||
"veris:action:hacking:variety=\"SQLi\"",
|
||||
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
|
||||
"europol-event:sql-injection"
|
||||
],
|
||||
"DDoS": [
|
||||
"ecsirt:availability=\"ddos\"",
|
||||
"europol-incident:availability=\"dos-ddos\"",
|
||||
"ms-caro-malware:malware-type=\"DDoS\"",
|
||||
"circl:incident-classification=\"denial-of-service\"",
|
||||
"enisa:nefarious-activity-abuse=\"denial-of-service\""
|
||||
]
|
||||
"description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue