From 334f37635f24039cf03ef9e5bd18757d207a577e Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:01:41 +0100
Subject: [PATCH 1/6] [add] new file-type taxonomy
---
 file-type/machinetag.json | 663 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 663 insertions(+)
 create mode 100755 file-type/machinetag.json
diff --git a/file-type/machinetag.json b/file-type/machinetag.json
new file mode 100755
index 0000000..a6bf779
--- /dev/null
+++ b/file-type/machinetag.json
@@ -0,0 +1,663 @@
+{
+ "values": [
+ {
+ "entry": [
+ {
+ "colour": "#00cc7e",
+ "expanded": "executable",
+ "value": "peexe"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "executable",
+ "value": " pedll"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "executable",
+ "value": " neexe"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "executable",
+ "value": " nedll"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "executable",
+ "value": " mz"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "executable",
+ "value": " msi"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "executable",
+ "value": " com"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "executable",
+ "value": " coff"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "executable",
+ "value": " elf"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "executable",
+ "value": " krnl"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "executable",
+ "value": " rpm"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "executable",
+ "value": " linux"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "executable",
+ "value": " macho"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "executable",
+ "value": " elf32"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "executable",
+ "value": " elf64"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "executable",
+ "value": " elfso"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "executable",
+ "value": " peexe32"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "executable",
+ "value": " peexe64"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "executable",
+ "value": " assembly"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "internet",
+ "value": "html"
+ },
+ {
+ "colour": "#00995e",
+ "expanded": "internet",
+ "value": " xml"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "internet",
+ "value": " flash"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "internet",
+ "value": " fla"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "internet",
+ "value": " iecookie"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "internet",
+ "value": " bittorrent"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "internet",
+ "value": " email"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "internet",
+ "value": " outlook"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "internet",
+ "value": " cap"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "phone and tablet",
+ "value": "symbian"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "phone and tablet",
+ "value": " palmos"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "phone and tablet",
+ "value": " wince"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "phone and tablet",
+ "value": " android"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "phone and tablet",
+ "value": " iphone"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "image",
+ "value": "jpeg"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "image",
+ "value": " emf"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "image",
+ "value": " tiff"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "image",
+ "value": " gif"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "image",
+ "value": " png"
+ },
+ {
+ "colour": "#00995e",
+ "expanded": "image",
+ "value": " bmp"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "image",
+ "value": " gimp"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "image",
+ "value": " indesign"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "image",
+ "value": " psd"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "image",
+ "value": " targa"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "image",
+ "value": " xws"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "image",
+ "value": " dib"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "image",
+ "value": " jng"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "image",
+ "value": " ico"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "image",
+ "value": " fpx"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "image",
+ "value": " eps"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "image",
+ "value": " svg"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "video and audio",
+ "value": "ogg"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "video and audio",
+ "value": " flc"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "video and audio",
+ "value": " fli"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "video and audio",
+ "value": " mp3"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "video and audio",
+ "value": " flac"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "video and audio",
+ "value": " wav"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "video and audio",
+ "value": " midi"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "video and audio",
+ "value": " avi"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "video and audio",
+ "value": " mpeg"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "video and audio",
+ "value": " qt"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "video and audio",
+ "value": " asf"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "video and audio",
+ "value": " divx"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "video and audio",
+ "value": " flv"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "video and audio",
+ "value": " wma"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "video and audio",
+ "value": " wmv"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "video and audio",
+ "value": " rm"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "video and audio",
+ "value": " mov"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "video and audio",
+ "value": " mp4"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "video and audio",
+ "value": " 3gp"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "document",
+ "value": "text"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "document",
+ "value": " pdf"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "document",
+ "value": " ps"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "document",
+ "value": " doc"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "document",
+ "value": " docx"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "document",
+ "value": " rtf"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "document",
+ "value": " ppt"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "document",
+ "value": " pptx"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "document",
+ "value": " xls"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "document",
+ "value": " xlsx"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "document",
+ "value": " odp"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "document",
+ "value": " ods"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "document",
+ "value": " odt"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "document",
+ "value": " hwp"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "document",
+ "value": " gul"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "document",
+ "value": " ebook"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "document",
+ "value": " latex"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "bundle",
+ "value": "isoimage"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "bundle",
+ "value": " zip"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "bundle",
+ "value": " gzip"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "bundle",
+ "value": " bzip"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "bundle",
+ "value": " rzip"
+ },
+ {
+ "colour": "#b3ffe2",
+ "expanded": "bundle",
+ "value": " dzip"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "bundle",
+ "value": " 7zip"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "bundle",
+ "value": " cab"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "bundle",
+ "value": " jar"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "bundle",
+ "value": " rar"
+ },
+ {
+ "colour": "#00fa9a",
+ "expanded": "bundle",
+ "value": " mscompress"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "bundle",
+ "value": " ace"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "bundle",
+ "value": " arc"
+ },
+ {
+ "colour": "#ccffeb",
+ "expanded": "bundle",
+ "value": " arj"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "bundle",
+ "value": " asd"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "bundle",
+ "value": " blackhole"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "bundle",
+ "value": " kgb"
+ },
+ {
+ "colour": "#00cc7e",
+ "expanded": "bundle",
+ "value": " xz"
+ },
+ {
+ "colour": "#66ffc4",
+ "expanded": "code",
+ "value": "script"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "code",
+ "value": " php"
+ },
+ {
+ "colour": "#99ffd8",
+ "expanded": "code",
+ "value": " python"
+ },
+ {
+ "colour": "#004d2f",
+ "expanded": "code",
+ "value": " perl"
+ },
+ {
+ "colour": "#00995e",
+ "expanded": "code",
+ "value": " ruby"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "code",
+ "value": " c"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "code",
+ "value": " cpp"
+ },
+ {
+ "colour": "#4dffbb",
+ "expanded": "code",
+ "value": " java"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "code",
+ "value": " shell"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "code",
+ "value": " pascal"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "code",
+ "value": " awk"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "code",
+ "value": " dyalog"
+ },
+ {
+ "colour": "#00fa9a",
+ "expanded": "code",
+ "value": " fortran"
+ },
+ {
+ "colour": "#80ffce",
+ "expanded": "code",
+ "value": " java-bytecode"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "apple",
+ "value": "apple"
+ },
+ {
+ "colour": "#33ffb1",
+ "expanded": "apple",
+ "value": " mac"
+ },
+ {
+ "colour": "#00804f",
+ "expanded": "apple",
+ "value": " applesingle"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "apple",
+ "value": " appledouble"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "apple",
+ "value": " machfs"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "apple",
+ "value": " appleplist"
+ },
+ {
+ "colour": "#00b36e",
+ "expanded": "apple",
+ "value": " maclib"
+ },
+ {
+ "colour": "#00663f",
+ "expanded": "miscellaneous",
+ "value": "lnk"
+ },
+ {
+ "colour": "#1affa7",
+ "expanded": "miscellaneous",
+ "value": " ttf"
+ },
+ {
+ "colour": "#00ff9d",
+ "expanded": "miscellaneous",
+ "value": " rom"
+ },
+ {
+ "colour": "#00e68e",
+ "expanded": "miscellaneous",
+ "value": " data"
+ }
+ ],
+ "predicate": "type"
+ }
+ ],
+ "predicates": [
+ {
+ "expanded": "File category",
+ "value": "type"
+ }
+ ],
+ "version": 1,
+ "description": "List of known file types.",
+ "namespace": "file"
+}
From 061b2bfb8ce16b98fba430063e8602aabfd209fe Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:04:46 +0100
Subject: [PATCH 2/6] [add] file-type taxonomy description
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 5ac11e7..19069da 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ bfuscation techniques. This taxonomy lists all the known or official packer used
 - Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
 - [Binary Classification](./binary-class) safe/malicious binary tagging
 - [Workflow](./workflow) support language is a common language to support intelligence analysts to perform their analysis on data and information.
+- [file-type](./file-type) - List of known file types.
 ### [Admiralty Scale](./admiralty-scale)
From eeed4adf002996f0996ab7385a46c660a654c64d Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:07:48 +0100
Subject: [PATCH 3/6] [add] new file-type taxonomy + version bump
---
 MANIFEST.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index 865e0c4..7b3355b 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -354,11 +354,16 @@
 "version": 1,
 "name": "monarc-threat",
 "description": "MONARC threat taxonomy."
+ },
+ {
+ "version": 1,
+ "name": "file",
+ "description": "List of known file types."
 }
 ],
 "path": "machinetag.json",
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
 "description": "Manifest file of MISP taxonomies available.",
 "license": "CC-0",
- "version": "20180924"
+ "version": "20180930"
 }
From 240c56ae2ac18cba94e5280836774778f8c03fc1 Mon Sep 17 00:00:00 2001
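Review bot: Every `value` after the first of each category carries a leading space (`" pedll"`, `" xml"`, `" palmos"`, `" emf"` … through `" data"`), so the machine tags built from this file would read `type=" pedll"` rather than `type="pedll"`, and the first entry of each category (`"peexe"`, `"html"`, `"jpeg"`, …) would not match the format of the rest; this looks like a paste artifact from a comma-separated list, and each value should be trimmed to its bare token before the taxonomy is published. The `expanded` field is being used to hold the category name (all 19 executable entries read `"expanded": "executable"`), whereas the predicates block in the same file uses it as the human-readable form of `value` (`"expanded": "File category"` for `"value": "type"`); if the grouping is intended, a per-entry expansion such as `"expanded": "PE executable"` would keep the two uses consistent, and the category could live in `description` instead. The file is also created with mode 100755; a JSON data file has no reason to carry the executable bit and should be added as 100644.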
From: raw-data
Date: Sun, 30 Sep 2018 15:12:52 +0100
Subject: [PATCH 4/6] [fix] remove duplicated words
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 19069da..5a786d1 100644
--- a/README.md
+++ b/README.md
@@ -202,7 +202,7 @@ $ cd privatetaxonomy
 $ vi machinetag.json
 ~~~~
-Create a JSON file Create a JSON file describing your taxonomy as triple tags.
+Create a JSON file describing your taxonomy as triple tags.
 Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy.
From 7630b4035183eb7e0c2fbc10d1ac2d7950f4750b Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:28:29 +0100
Subject: [PATCH 5/6] Update MANIFEST.json
---
 MANIFEST.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index 7b3355b..d206079 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -357,7 +357,7 @@
 },
 {
 "version": 1,
- "name": "file",
+ "name": "file-type",
 "description": "List of known file types."
 }
 ],
From 35f77de69ca4b5197cf930dd761c075d0c0aa4d7 Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:34:10 +0100
Subject: [PATCH 6/6] Update machinetag.json
---
 file-type/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/file-type/machinetag.json b/file-type/machinetag.json
index a6bf779..d41ed5f 100755
--- a/file-type/machinetag.json
+++ b/file-type/machinetag.json
@@ -659,5 +659,5 @@
 ],
 "version": 1,
 "description": "List of known file types.",
- "namespace": "file"
+ "namespace": "file-type"
 }