MAEC 5.0 Malware capabilties

pull/103/head
makflwana 2018-05-24 23:05:54 +10:00 committed by GitHub
parent c6d95aeaeb
commit ca6ef0b4ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 298 additions and 0 deletions

View File

@ -0,0 +1,298 @@
{
"namespace": "MAEC Malware Capabilities",
"description": "Malware Capabilities based on MAEC 5.0",
"version": 1,
"predicates": [
{
"value": "maec-malware-capability",
"expanded": "MAEC Malware capability"
}
],
"values": [
{
"predicate": "maec-malware-capability",
"entry": [
{
"value": "anti-behavioral-analysis",
"expanded": "anti-behavioral-analysis"
},
{
"value": "anti-code-analysis",
"expanded": "anti-code-analysis"
},
{
"value": "anti-detection",
"expanded": "anti-detection"
},
{
"value": "anti-removal",
"expanded": "anti-removal"
},
{
"value": "availability-violation",
"expanded": "availability-violation"
},
{
"value": "collection",
"expanded": "collection"
},
{
"value": "command-and-control",
"expanded": "command-and-control"
},
{
"value": "data-theft",
"expanded": "data-theft"
},
{
"value": "destruction",
"expanded": "destruction"
},
{
"value": "discovery",
"expanded": "discovery"
},
{
"value": "exfiltration",
"expanded": "exfiltration"
},
{
"value": "fraud",
"expanded": "fraud"
},
{
"value": "infection-propagation",
"expanded": "infection-propagation"
},
{
"value": "integrity-violation",
"expanded": "integrity-violationk"
},
{
"value": "machine-access-control",
"expanded": "machine-access-control"
},
{
"value": "persistence",
"expanded": "persistence"
},
{
"value": "privilege-escalation",
"expanded": "privilege-escalation"
},
{
"value": "secondary-operation",
"expanded": "secondary-operation"
},
{
"value": "security-degradation",
"expanded": "security-degradation"
},
{
"value": "access-control-degradation",
"expanded": "access-control-degradation"
},
{
"value": "security-degradation",
"expanded": "security-degradation"
},
{
"value": "anti-debugging",
"expanded": "anti-debugging"
},
{
"value": "anti-disassembly",
"expanded": "anti-disassembly"
},
{
"value": "anti-emulation",
"expanded": "anti-emulation"
},
{
"value": "anti-memory-forensics",
"expanded": "anti-memory-forensics"
},
{
"value": "anti-sandbox",
"expanded": "anti-sandbox"
},
{
"value": "anti-virus-evasion",
"expanded": "anti-virus-evasion"
},
{
"value": "anti-vm",
"expanded": "anti-vm"
},
{
"value": "authentication-credentials-theft",
"expanded": "authentication-credentials-theft"
},
{
"value": "clean-traces-of-infection",
"expanded": "clean-traces-of-infection"
},
{
"value": "communicate-with-c2-server",
"expanded": "communicate-with-c2-servern"
},
{
"value": "compromise-data-availability",
"expanded": "compromise-data-availability"
},
{
"value": "compromise-system-availability",
"expanded": "compromise-system-availability"
},
{
"value": "consume-system-resources",
"expanded": "consume-system-resources"
},
{
"value": "continuous-execution",
"expanded": "continuous-execution"
},
{
"value": "data-integrity-violation",
"expanded": "data-integrity-violation"
},
{
"value": "data-obfuscation",
"expanded": "data-obfuscation"
},
{
"value": "data-staging",
"expanded": "data-staging"
},
{
"value": "determine-c2-server",
"expanded": "determine-c2-server"
},
{
"value": "email-spam",
"expanded": "email-spam"
},
{
"value": "ensure-compatibility",
"expanded": "ensure-compatibility"
},
{
"value": "environment-awareness",
"expanded": "environment-awareness"
},
{
"value": "file-infection",
"expanded": "file-infection"
},
{
"value": "hide-artifacts",
"expanded": "hide-artifacts"
},
{
"value": "hide-executing-code",
"expanded": "hide-executing-code"
},
{
"value": "hide-non-executing-code",
"expanded": "hide-non-executing-code"
},
{
"value": "host-configuration-probing",
"expanded": "host-configuration-probing"
},
{
"value": "information-gathering-for-improvement",
"expanded": "information-gathering-for-improvement"
},
{
"value": "input-peripheral-capture",
"expanded": "input-peripheral-capture"
},
{
"value": "install-other-components",
"expanded": "install-other-components"
},
{
"value": "local-machine-control",
"expanded": "local-machine-control"
},
{
"value": "network-environment-probing",
"expanded": "network-environment-probing"
},
{
"value": "os-security-feature-degradation",
"expanded": "os-security-feature-degradation"
},
{
"value": "output-peripheral-capture",
"expanded": "output-peripheral-capture"
},
{
"value": "physical-entity-destruction",
"expanded": "physical-entity-destruction"
},
{
"value": "prevent-artifact-access",
"expanded": "prevent-artifact-access"
},
{
"value": "prevent-artifact-deletion",
"expanded": "prevent-artifact-deletion"
},
{
"value": "remote-machine-access",
"expanded": "remote-machine-access"
},
{
"value": "security-software-degradation",
"expanded": "security-software-degradation"
},
{
"value": "security-software-evasion",
"expanded": "security-software-evasion"
},
{
"value": "self-modification",
"expanded": "self-modification"
},
{
"value": "service-provider-security-feature-degradation",
"expanded": "service-provider-security-feature-degradation"
},
{
"value": "stored-information-theft",
"expanded": "stored-information-theft"
},
{
"value": "system-interface-data-capture",
"expanded": "system-interface-data-capture"
},
{
"value": "system-operational-integrity-violation",
"expanded": "system-operational-integrity-violation"
},
{
"value": "system-re-infection",
"expanded": "system-re-infection"
},
{
"value": "system-state-data-capture",
"expanded": "system-state-data-capture"
},
{
"value": "system-update-degradation",
"expanded": "system-update-degradation"
},
{
"value": "user-data-theft",
"expanded": "user-data-theft"
},
{
"value": "virtual-entity-destruction",
"expanded": "virtual-entity-destruction"
}
],
}
]
}