New mapping taxonomy library added
A simple JSON format where a vernacular/common name describes all the potential associated machine tags. The format is a simple JSON object with a key for the common name which references a list of potential associated machine tags. The usage (in a first step) in MISP will be the following: - The replacement in the index UI of the corresponding list of machine tags by the vernacular/common name. - The ability to add automatically associated machine tags when tagging with the vernacular/common name. Even if the machine tags is not enabled in MISP, the tag will be added.pull/44/head
parent
0a6549d886
commit
d2b66e2389
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"ransomware": [
|
||||||
|
"veris:action:malware:variety=\"Ransomware\"",
|
||||||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||||||
|
"enisa:nefarious-activity-abuse=\"ransomware\"",
|
||||||
|
"malware_classification:malware-category=\"Ransomware\"",
|
||||||
|
"ms-caro-malware:malware-type=\"Ransom\"",
|
||||||
|
"veris:action:malware:variety=\"Ransomware\""
|
||||||
|
],
|
||||||
|
"Remote Access Tool": [
|
||||||
|
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
||||||
|
"ms-caro-malware:malware-type=\"RemoteAccess\""
|
||||||
|
],
|
||||||
|
"malware": [
|
||||||
|
"ecsirt:malicious-code=\"malware\"",
|
||||||
|
"circl:incident-classification=\"malware\""
|
||||||
|
],
|
||||||
|
"exploit": [
|
||||||
|
"veris:action:malware:variety=\"Exploit vuln\"",
|
||||||
|
"ecsirt:intrusion-attempts=\"exploit\"",
|
||||||
|
"europol-event:exploit",
|
||||||
|
"europol-incident:intrusion=\"exploitation-vulnerability\"",
|
||||||
|
"ms-caro-malware:malware-type=\"Exploit\""
|
||||||
|
],
|
||||||
|
"rootkit": [
|
||||||
|
"veris:action:malware:variety=\"Rootkit\"",
|
||||||
|
"enisa:nefarious-activity-abuse=\"rootkits\"",
|
||||||
|
"malware_classification:malware-category=\"Rootkit\""
|
||||||
|
],
|
||||||
|
"SQLi": [
|
||||||
|
"circl:incident-classification=\"sql-injection\"",
|
||||||
|
"veris:action:malware:variety=\"SQL injection\"",
|
||||||
|
"veris:action:hacking:variety=\"SQLi\"",
|
||||||
|
"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
|
||||||
|
"europol-event:sql-injection"
|
||||||
|
],
|
||||||
|
"DDoS": [
|
||||||
|
"ecsirt:availability=\"ddos\"",
|
||||||
|
"europol-incident:availability=\"dos-ddos\"",
|
||||||
|
"ms-caro-malware:malware-type=\"DDoS\"",
|
||||||
|
"circl:incident-classification=\"denial-of-service\"",
|
||||||
|
"enisa:nefarious-activity-abuse=\"denial-of-service\""
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue