MAEC 5.0 Malware capabilties
parent
c6d95aeaeb
commit
ca6ef0b4ca
|
@ -0,0 +1,298 @@
|
||||||
|
{
|
||||||
|
"namespace": "MAEC Malware Capabilities",
|
||||||
|
"description": "Malware Capabilities based on MAEC 5.0",
|
||||||
|
"version": 1,
|
||||||
|
"predicates": [
|
||||||
|
{
|
||||||
|
"value": "maec-malware-capability",
|
||||||
|
"expanded": "MAEC Malware capability"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"predicate": "maec-malware-capability",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "anti-behavioral-analysis",
|
||||||
|
"expanded": "anti-behavioral-analysis"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-code-analysis",
|
||||||
|
"expanded": "anti-code-analysis"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-detection",
|
||||||
|
"expanded": "anti-detection"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-removal",
|
||||||
|
"expanded": "anti-removal"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "availability-violation",
|
||||||
|
"expanded": "availability-violation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "collection",
|
||||||
|
"expanded": "collection"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "command-and-control",
|
||||||
|
"expanded": "command-and-control"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "data-theft",
|
||||||
|
"expanded": "data-theft"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "destruction",
|
||||||
|
"expanded": "destruction"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "discovery",
|
||||||
|
"expanded": "discovery"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "exfiltration",
|
||||||
|
"expanded": "exfiltration"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "fraud",
|
||||||
|
"expanded": "fraud"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "infection-propagation",
|
||||||
|
"expanded": "infection-propagation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "integrity-violation",
|
||||||
|
"expanded": "integrity-violationk"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "machine-access-control",
|
||||||
|
"expanded": "machine-access-control"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "persistence",
|
||||||
|
"expanded": "persistence"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "privilege-escalation",
|
||||||
|
"expanded": "privilege-escalation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "secondary-operation",
|
||||||
|
"expanded": "secondary-operation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "security-degradation",
|
||||||
|
"expanded": "security-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "access-control-degradation",
|
||||||
|
"expanded": "access-control-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "security-degradation",
|
||||||
|
"expanded": "security-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-debugging",
|
||||||
|
"expanded": "anti-debugging"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-disassembly",
|
||||||
|
"expanded": "anti-disassembly"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-emulation",
|
||||||
|
"expanded": "anti-emulation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-memory-forensics",
|
||||||
|
"expanded": "anti-memory-forensics"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-sandbox",
|
||||||
|
"expanded": "anti-sandbox"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-virus-evasion",
|
||||||
|
"expanded": "anti-virus-evasion"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "anti-vm",
|
||||||
|
"expanded": "anti-vm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "authentication-credentials-theft",
|
||||||
|
"expanded": "authentication-credentials-theft"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "clean-traces-of-infection",
|
||||||
|
"expanded": "clean-traces-of-infection"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "communicate-with-c2-server",
|
||||||
|
"expanded": "communicate-with-c2-servern"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "compromise-data-availability",
|
||||||
|
"expanded": "compromise-data-availability"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "compromise-system-availability",
|
||||||
|
"expanded": "compromise-system-availability"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "consume-system-resources",
|
||||||
|
"expanded": "consume-system-resources"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "continuous-execution",
|
||||||
|
"expanded": "continuous-execution"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "data-integrity-violation",
|
||||||
|
"expanded": "data-integrity-violation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "data-obfuscation",
|
||||||
|
"expanded": "data-obfuscation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "data-staging",
|
||||||
|
"expanded": "data-staging"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "determine-c2-server",
|
||||||
|
"expanded": "determine-c2-server"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "email-spam",
|
||||||
|
"expanded": "email-spam"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ensure-compatibility",
|
||||||
|
"expanded": "ensure-compatibility"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "environment-awareness",
|
||||||
|
"expanded": "environment-awareness"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "file-infection",
|
||||||
|
"expanded": "file-infection"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "hide-artifacts",
|
||||||
|
"expanded": "hide-artifacts"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "hide-executing-code",
|
||||||
|
"expanded": "hide-executing-code"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "hide-non-executing-code",
|
||||||
|
"expanded": "hide-non-executing-code"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "host-configuration-probing",
|
||||||
|
"expanded": "host-configuration-probing"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "information-gathering-for-improvement",
|
||||||
|
"expanded": "information-gathering-for-improvement"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "input-peripheral-capture",
|
||||||
|
"expanded": "input-peripheral-capture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "install-other-components",
|
||||||
|
"expanded": "install-other-components"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "local-machine-control",
|
||||||
|
"expanded": "local-machine-control"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "network-environment-probing",
|
||||||
|
"expanded": "network-environment-probing"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "os-security-feature-degradation",
|
||||||
|
"expanded": "os-security-feature-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "output-peripheral-capture",
|
||||||
|
"expanded": "output-peripheral-capture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "physical-entity-destruction",
|
||||||
|
"expanded": "physical-entity-destruction"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "prevent-artifact-access",
|
||||||
|
"expanded": "prevent-artifact-access"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "prevent-artifact-deletion",
|
||||||
|
"expanded": "prevent-artifact-deletion"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "remote-machine-access",
|
||||||
|
"expanded": "remote-machine-access"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "security-software-degradation",
|
||||||
|
"expanded": "security-software-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "security-software-evasion",
|
||||||
|
"expanded": "security-software-evasion"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "self-modification",
|
||||||
|
"expanded": "self-modification"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "service-provider-security-feature-degradation",
|
||||||
|
"expanded": "service-provider-security-feature-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "stored-information-theft",
|
||||||
|
"expanded": "stored-information-theft"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "system-interface-data-capture",
|
||||||
|
"expanded": "system-interface-data-capture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "system-operational-integrity-violation",
|
||||||
|
"expanded": "system-operational-integrity-violation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "system-re-infection",
|
||||||
|
"expanded": "system-re-infection"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "system-state-data-capture",
|
||||||
|
"expanded": "system-state-data-capture"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "system-update-degradation",
|
||||||
|
"expanded": "system-update-degradation"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "user-data-theft",
|
||||||
|
"expanded": "user-data-theft"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "virtual-entity-destruction",
|
||||||
|
"expanded": "virtual-entity-destruction"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue