Deborah Servili 2018-10-04 08:48:58 +02:00
commit d99df5627c
7 changed files with 1049 additions and 113 deletions


@ -256,7 +256,7 @@
"description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
},
{
"version": 1,
"version": 4,
"name": "honeypot-basic",
"description": "Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
},
@ -349,11 +349,21 @@
"version": 1,
"name": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process"
},
{
"version": 1,
"name": "monarc-threat",
"description": "MONARC threat taxonomy."
},
{
"version": 1,
"name": "file-type",
"description": "List of known file types."
}
],
"path": "machinetag.json",
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
"description": "Manifest file of MISP taxonomies available.",
"license": "CC-0",
"version": "20180807"
"version": "20180930"
}
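Review bot: The `ifx-vetting` manifest entry at the top of the second hunk still reads `"version": 1` as an unchanged line, while this same commit raises the ifx-vetting taxonomy file to `"version": 2`; the manifest entry should be bumped to `"version": 2` with it. If consumers compare the manifest version with their installed copy to decide whether to refresh a taxonomy (not shown on this page, so worth confirming), the new `expanded` labels would never reach them. The admiralty-scale file also moves from version 2 to 4 in this commit and its manifest entry appears in neither hunk, so it deserves the same check. The `ifx-vetting` object opens above the hunk.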


@ -57,6 +57,7 @@ bfuscation techniques. This taxonomy lists all the known or official packer used
- Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
- [Binary Classification](./binary-class) safe/malicious binary tagging
- [Workflow](./workflow) support language is a common language to support intelligence analysts to perform their analysis on data and information.
- [file-type](./file-type) - List of known file types.
### [Admiralty Scale](./admiralty-scale)
@ -201,11 +202,13 @@ $ cd privatetaxonomy
$ vi machinetag.json
~~~~
Create a JSON file Create a JSON file describing your taxonomy as triple tags.
Create a JSON file describing your taxonomy as triple tags.
Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy.
# MISP Taxonomies - tools
# MISP Taxonomies
## Tools
[machinetag.py](./tools/machinetag.py) is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy.
@ -227,6 +230,10 @@ Once you are happy with your file go to MISP Web GUI taxonomies/index and update
...
~~~~
## Library
- [PyTaxonomies](https://github.com/MISP/PyTaxonomies) is a Python module to use easily the MISP Taxonomies.
# License
The MISP taxonomies are licensed under [CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) - Public Domain Dedication. If a specific author of a taxonomy wants to license it under a different license, a pull request can be requested.

27
admiralty-scale/machinetag.json Executable file → Normal file

@ -1,7 +1,7 @@
{
"namespace": "admiralty-scale",
"description": "The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.",
"version": 2,
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
"version": 4,
"predicates": [
{
"value": "source-reliability",
@ -19,31 +19,43 @@
{
"value": "a",
"expanded": "Completely reliable",
"description": "No doubt of authenticity, trustworthiness, or competency; has a history of complete reliability",
"numerical_value": 100
},
{
"value": "b",
"expanded": "Usually reliable",
"description": "Minor doubt about authenticity, trustworthiness, or competency; has a history of valid information most of the time",
"numerical_value": 75
},
{
"value": "c",
"expanded": "Fairly reliable",
"description": "Doubt of authenticity, trustworthiness, or competency but has provided valid information in the past",
"numerical_value": 50
},
{
"value": "d",
"expanded": "Not usually reliable",
"description": "Significant doubt about authenticity, trustworthiness, or co mpetency but has provided valid information in the past",
"numerical_value": 25
},
{
"value": "e",
"expanded": "Unreliable",
"description": "Lacking in authenticity, trustworthiness, and competency; history of invalid information",
"numerical_value": 0
},
{
"value": "f",
"expanded": "Reliability cannot be judged"
"expanded": "Reliability cannot be judged",
"description": "No basis exists for evaluating the reliability of the source",
"numerical_value": 50
},
{
"value": "g",
"expanded": "Deliberatly deceptive",
"numerical_value": 0
}
]
},
@ -53,31 +65,38 @@
{
"value": "1",
"expanded": "Confirmed by other sources",
"description": "Confirmed by other independent sources; logical in itself; Consistent with other information on the subject",
"numerical_value": 100
},
{
"value": "2",
"expanded": "Probably true",
"description": "Not confirmed; logical in itself; consistent with other information on the subject",
"numerical_value": 75
},
{
"value": "3",
"expanded": "Possibly true",
"description": "Not confirmed; reasonably logical in itself; agrees with some other information on the subject",
"numerical_value": 50
},
{
"value": "4",
"expanded": "Doubtful",
"description": "Not confirmed; possible but not logical ; no other information on the subject",
"numerical_value": 25
},
{
"value": "5",
"expanded": "Improbable",
"description": "Not confirmed; not logical in itself; contradicted by other information on the subject",
"numerical_value": 0
},
{
"value": "6",
"expanded": "Truth cannot be judged"
"expanded": "Truth cannot be judged",
"description": "No basis exists for evaluating the validity of the information",
"numerical_value": 50
}
]
}
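Review bot: The added `"numerical_value": 50` on `f` (Reliability cannot be judged) and on `6` (Truth cannot be judged) gives an unassessed source or claim the same score as `c` (Fairly reliable) and `3` (Possibly true), and the new `g` entry scores 0 exactly like `e`. Any consumer that ranks, filters or ages data on `numerical_value` alone cannot separate "no basis for evaluation" from a real mid-range rating, so either leave the field off the not-judged entries or state the convention in their `description`. The new `g` entry also has no `description` and its label is misspelled; it should read `"expanded": "Deliberately deceptive",`. The description added on `d` contains a broken word (`co mpetency`).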

663
file-type/machinetag.json Executable file

@ -0,0 +1,663 @@
{
"values": [
{
"entry": [
{
"colour": "#00804f",
"expanded": "executable",
"value": "peexe"
},
{
"colour": "#00e68e",
"expanded": "executable",
"value": "pedll"
},
{
"colour": "#00ff9d",
"expanded": "executable",
"value": "neexe"
},
{
"colour": "#00e68e",
"expanded": "executable",
"value": "nedll"
},
{
"colour": "#1affa7",
"expanded": "executable",
"value": "mz"
},
{
"colour": "#00b36e",
"expanded": "executable",
"value": "msi"
},
{
"colour": "#ccffeb",
"expanded": "executable",
"value": "com"
},
{
"colour": "#66ffc4",
"expanded": "executable",
"value": "coff"
},
{
"colour": "#1affa7",
"expanded": "executable",
"value": "elf"
},
{
"colour": "#00663f",
"expanded": "executable",
"value": "krnl"
},
{
"colour": "#ccffeb",
"expanded": "executable",
"value": "rpm"
},
{
"colour": "#66ffc4",
"expanded": "executable",
"value": "linux"
},
{
"colour": "#ccffeb",
"expanded": "executable",
"value": "macho"
},
{
"colour": "#80ffce",
"expanded": "executable",
"value": "elf32"
},
{
"colour": "#99ffd8",
"expanded": "executable",
"value": "elf64"
},
{
"colour": "#00b36e",
"expanded": "executable",
"value": "elfso"
},
{
"colour": "#b3ffe2",
"expanded": "executable",
"value": "peexe32"
},
{
"colour": "#00995e",
"expanded": "executable",
"value": "peexe64"
},
{
"colour": "#00995e",
"expanded": "executable",
"value": "assembly"
},
{
"colour": "#33ffb1",
"expanded": "internet",
"value": "html"
},
{
"colour": "#00e68e",
"expanded": "internet",
"value": "xml"
},
{
"colour": "#ccffeb",
"expanded": "internet",
"value": "flash"
},
{
"colour": "#1affa7",
"expanded": "internet",
"value": "fla"
},
{
"colour": "#4dffbb",
"expanded": "internet",
"value": "iecookie"
},
{
"colour": "#00995e",
"expanded": "internet",
"value": "bittorrent"
},
{
"colour": "#b3ffe2",
"expanded": "internet",
"value": "email"
},
{
"colour": "#33ffb1",
"expanded": "internet",
"value": "outlook"
},
{
"colour": "#00b36e",
"expanded": "internet",
"value": "cap"
},
{
"colour": "#1affa7",
"expanded": "phone and tablet",
"value": "symbian"
},
{
"colour": "#00ff9d",
"expanded": "phone and tablet",
"value": "palmos"
},
{
"colour": "#00e68e",
"expanded": "phone and tablet",
"value": "wince"
},
{
"colour": "#4dffbb",
"expanded": "phone and tablet",
"value": "android"
},
{
"colour": "#00e68e",
"expanded": "phone and tablet",
"value": "iphone"
},
{
"colour": "#4dffbb",
"expanded": "image",
"value": "jpeg"
},
{
"colour": "#66ffc4",
"expanded": "image",
"value": "emf"
},
{
"colour": "#33ffb1",
"expanded": "image",
"value": "tiff"
},
{
"colour": "#4dffbb",
"expanded": "image",
"value": "gif"
},
{
"colour": "#00995e",
"expanded": "image",
"value": "png"
},
{
"colour": "#66ffc4",
"expanded": "image",
"value": "bmp"
},
{
"colour": "#b3ffe2",
"expanded": "image",
"value": "gimp"
},
{
"colour": "#80ffce",
"expanded": "image",
"value": "indesign"
},
{
"colour": "#00e68e",
"expanded": "image",
"value": "psd"
},
{
"colour": "#004d2f",
"expanded": "image",
"value": "targa"
},
{
"colour": "#00cc7e",
"expanded": "image",
"value": "xws"
},
{
"colour": "#00cc7e",
"expanded": "image",
"value": "dib"
},
{
"colour": "#00fa9a",
"expanded": "image",
"value": "jng"
},
{
"colour": "#00804f",
"expanded": "image",
"value": "ico"
},
{
"colour": "#33ffb1",
"expanded": "image",
"value": "fpx"
},
{
"colour": "#b3ffe2",
"expanded": "image",
"value": "eps"
},
{
"colour": "#00cc7e",
"expanded": "image",
"value": "svg"
},
{
"colour": "#33ffb1",
"expanded": "video and audio",
"value": "ogg"
},
{
"colour": "#80ffce",
"expanded": "video and audio",
"value": "flc"
},
{
"colour": "#00804f",
"expanded": "video and audio",
"value": "fli"
},
{
"colour": "#80ffce",
"expanded": "video and audio",
"value": "mp3"
},
{
"colour": "#33ffb1",
"expanded": "video and audio",
"value": "flac"
},
{
"colour": "#00ff9d",
"expanded": "video and audio",
"value": "wav"
},
{
"colour": "#4dffbb",
"expanded": "video and audio",
"value": "midi"
},
{
"colour": "#00b36e",
"expanded": "video and audio",
"value": "avi"
},
{
"colour": "#00e68e",
"expanded": "video and audio",
"value": "mpeg"
},
{
"colour": "#00804f",
"expanded": "video and audio",
"value": "qt"
},
{
"colour": "#00cc7e",
"expanded": "video and audio",
"value": "asf"
},
{
"colour": "#ccffeb",
"expanded": "video and audio",
"value": "divx"
},
{
"colour": "#00b36e",
"expanded": "video and audio",
"value": "flv"
},
{
"colour": "#ccffeb",
"expanded": "video and audio",
"value": "wma"
},
{
"colour": "#00fa9a",
"expanded": "video and audio",
"value": "wmv"
},
{
"colour": "#00fa9a",
"expanded": "video and audio",
"value": "rm"
},
{
"colour": "#b3ffe2",
"expanded": "video and audio",
"value": "mov"
},
{
"colour": "#00fa9a",
"expanded": "video and audio",
"value": "mp4"
},
{
"colour": "#99ffd8",
"expanded": "video and audio",
"value": "3gp"
},
{
"colour": "#004d2f",
"expanded": "document",
"value": "text"
},
{
"colour": "#00995e",
"expanded": "document",
"value": "pdf"
},
{
"colour": "#66ffc4",
"expanded": "document",
"value": "ps"
},
{
"colour": "#33ffb1",
"expanded": "document",
"value": "doc"
},
{
"colour": "#ccffeb",
"expanded": "document",
"value": "docx"
},
{
"colour": "#00b36e",
"expanded": "document",
"value": "rtf"
},
{
"colour": "#ccffeb",
"expanded": "document",
"value": "ppt"
},
{
"colour": "#b3ffe2",
"expanded": "document",
"value": "pptx"
},
{
"colour": "#99ffd8",
"expanded": "document",
"value": "xls"
},
{
"colour": "#00663f",
"expanded": "document",
"value": "xlsx"
},
{
"colour": "#99ffd8",
"expanded": "document",
"value": "odp"
},
{
"colour": "#00fa9a",
"expanded": "document",
"value": "ods"
},
{
"colour": "#00995e",
"expanded": "document",
"value": "odt"
},
{
"colour": "#4dffbb",
"expanded": "document",
"value": "hwp"
},
{
"colour": "#00995e",
"expanded": "document",
"value": "gul"
},
{
"colour": "#ccffeb",
"expanded": "document",
"value": "ebook"
},
{
"colour": "#004d2f",
"expanded": "document",
"value": "latex"
},
{
"colour": "#00fa9a",
"expanded": "bundle",
"value": "isoimage"
},
{
"colour": "#00b36e",
"expanded": "bundle",
"value": "zip"
},
{
"colour": "#00fa9a",
"expanded": "bundle",
"value": "gzip"
},
{
"colour": "#33ffb1",
"expanded": "bundle",
"value": "bzip"
},
{
"colour": "#00995e",
"expanded": "bundle",
"value": "rzip"
},
{
"colour": "#ccffeb",
"expanded": "bundle",
"value": "dzip"
},
{
"colour": "#66ffc4",
"expanded": "bundle",
"value": "7zip"
},
{
"colour": "#00e68e",
"expanded": "bundle",
"value": "cab"
},
{
"colour": "#4dffbb",
"expanded": "bundle",
"value": "jar"
},
{
"colour": "#00995e",
"expanded": "bundle",
"value": "rar"
},
{
"colour": "#99ffd8",
"expanded": "bundle",
"value": "mscompress"
},
{
"colour": "#00e68e",
"expanded": "bundle",
"value": "ace"
},
{
"colour": "#00b36e",
"expanded": "bundle",
"value": "arc"
},
{
"colour": "#004d2f",
"expanded": "bundle",
"value": "arj"
},
{
"colour": "#00804f",
"expanded": "bundle",
"value": "asd"
},
{
"colour": "#4dffbb",
"expanded": "bundle",
"value": "blackhole"
},
{
"colour": "#00cc7e",
"expanded": "bundle",
"value": "kgb"
},
{
"colour": "#00ff9d",
"expanded": "bundle",
"value": "xz"
},
{
"colour": "#33ffb1",
"expanded": "code",
"value": "script"
},
{
"colour": "#00e68e",
"expanded": "code",
"value": "php"
},
{
"colour": "#4dffbb",
"expanded": "code",
"value": "python"
},
{
"colour": "#1affa7",
"expanded": "code",
"value": "perl"
},
{
"colour": "#66ffc4",
"expanded": "code",
"value": "ruby"
},
{
"colour": "#99ffd8",
"expanded": "code",
"value": "c"
},
{
"colour": "#4dffbb",
"expanded": "code",
"value": "cpp"
},
{
"colour": "#00cc7e",
"expanded": "code",
"value": "java"
},
{
"colour": "#004d2f",
"expanded": "code",
"value": "shell"
},
{
"colour": "#00663f",
"expanded": "code",
"value": "pascal"
},
{
"colour": "#b3ffe2",
"expanded": "code",
"value": "awk"
},
{
"colour": "#33ffb1",
"expanded": "code",
"value": "dyalog"
},
{
"colour": "#33ffb1",
"expanded": "code",
"value": "fortran"
},
{
"colour": "#99ffd8",
"expanded": "code",
"value": "java-bytecode"
},
{
"colour": "#004d2f",
"expanded": "apple",
"value": "apple"
},
{
"colour": "#4dffbb",
"expanded": "apple",
"value": "mac"
},
{
"colour": "#99ffd8",
"expanded": "apple",
"value": "applesingle"
},
{
"colour": "#4dffbb",
"expanded": "apple",
"value": "appledouble"
},
{
"colour": "#00663f",
"expanded": "apple",
"value": "machfs"
},
{
"colour": "#00b36e",
"expanded": "apple",
"value": "appleplist"
},
{
"colour": "#99ffd8",
"expanded": "apple",
"value": "maclib"
},
{
"colour": "#00cc7e",
"expanded": "miscellaneous",
"value": "lnk"
},
{
"colour": "#1affa7",
"expanded": "miscellaneous",
"value": "ttf"
},
{
"colour": "#ccffeb",
"expanded": "miscellaneous",
"value": "rom"
},
{
"colour": "#00663f",
"expanded": "miscellaneous",
"value": "data"
}
],
"predicate": "type"
}
],
"predicates": [
{
"expanded": "File category",
"value": "type"
}
],
"version": 1,
"description": "List of known file types.",
"namespace": "file-type"
}
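Review bot: Every entry under the `type` predicate uses `expanded` for its category (`"expanded": "executable"` on `peexe`, `pedll`, `elf` and sixteen others) rather than a readable form of the value, so many distinct tags carry the same label and the category cannot be selected on its own. Consider making the categories the predicates (`executable`, `document`, `bundle`, …) or giving each entry its own `expanded` plus a `description`; values such as `linux`, `blackhole`, `data` and `asd` are not self-explanatory to an analyst applying the tag. The file is also added with the executable bit ("Executable file" in the section header) while this commit clears that bit on admiralty-scale/machinetag.json; a JSON data file should be committed as a normal file.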


@ -1,7 +1,7 @@
{
"namespace": "honeypot-basic",
"description": "Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
"version": 1,
"description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
"version": 4,
"predicates": [
{
"value": "interaction-level",
@ -43,16 +43,36 @@
"expanded": "High Interaction Level",
"description": "Exposed functionality of the honeypot is not limited."
},
{
"value": "medium",
"expanded": "Medium Interaction Level",
"description": "Exposed functionality of the honeypot is limited to the service without exposing the full operating system."
},
{
"value": "low",
"expanded": "low Interaction Level",
"description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination"
"description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination."
},
{
"value": "none",
"expanded": "No interaction capabilities",
"description": "No exposed functionality in the honeypot."
},
{
"value": "adaptive",
"expanded": "Learns from attack interaction",
"description": "Learns from attack interaction"
}
]
},
{
"predicate": "data-capture",
"entry": [
{
"value": "network-capture",
"expanded": "Network capture",
"description": "The honeypot collects raw network capture."
},
{
"value": "events",
"expanded": "Events",
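Review bot: The new `adaptive` entry repeats its label as its description (`"description": "Learns from attack interaction"`) and, unlike `none`, `low`, `medium` and `high`, names a behaviour rather than a position on the exposure scale. A description that says what functionality an adaptive honeypot exposes, and whether the tag is meant to be combined with one of the level values, would keep the predicate unambiguous for people tagging events. The unchanged label `"low Interaction Level"` is lower-cased, which is inconsistent with the `"Medium Interaction Level"` added next to it. The predicate line for these entries is above the hunk and the `data-capture` entry list continues past its end.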


@ -1,7 +1,7 @@
{
"namespace": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"version": 1,
"version": 2,
"predicates": [
{
"value": "vetted",
@ -59,407 +59,407 @@
"entry": [
{
"value": "0",
"expanded": ""
"expanded": "0"
},
{
"value": "1",
"expanded": ""
"expanded": "1"
},
{
"value": "2",
"expanded": ""
"expanded": "2"
},
{
"value": "3",
"expanded": ""
"expanded": "3"
},
{
"value": "4",
"expanded": ""
"expanded": "4"
},
{
"value": "5",
"expanded": ""
"expanded": "5"
},
{
"value": "6",
"expanded": ""
"expanded": "6"
},
{
"value": "7",
"expanded": ""
"expanded": "7"
},
{
"value": "8",
"expanded": ""
"expanded": "8"
},
{
"value": "9",
"expanded": ""
"expanded": "9"
},
{
"value": "10",
"expanded": ""
"expanded": "10"
},
{
"value": "11",
"expanded": ""
"expanded": "11"
},
{
"value": "12",
"expanded": ""
"expanded": "12"
},
{
"value": "13",
"expanded": ""
"expanded": "13"
},
{
"value": "14",
"expanded": ""
"expanded": "14"
},
{
"value": "15",
"expanded": ""
"expanded": "15"
},
{
"value": "16",
"expanded": ""
"expanded": "16"
},
{
"value": "17",
"expanded": ""
"expanded": "17"
},
{
"value": "18",
"expanded": ""
"expanded": "18"
},
{
"value": "19",
"expanded": ""
"expanded": "19"
},
{
"value": "20",
"expanded": ""
"expanded": "20"
},
{
"value": "21",
"expanded": ""
"expanded": "21"
},
{
"value": "22",
"expanded": ""
"expanded": "22"
},
{
"value": "23",
"expanded": ""
"expanded": "23"
},
{
"value": "24",
"expanded": ""
"expanded": "24"
},
{
"value": "25",
"expanded": ""
"expanded": "25"
},
{
"value": "26",
"expanded": ""
"expanded": "26"
},
{
"value": "27",
"expanded": ""
"expanded": "27"
},
{
"value": "28",
"expanded": ""
"expanded": "28"
},
{
"value": "29",
"expanded": ""
"expanded": "29"
},
{
"value": "30",
"expanded": ""
"expanded": "30"
},
{
"value": "31",
"expanded": ""
"expanded": "31"
},
{
"value": "32",
"expanded": ""
"expanded": "32"
},
{
"value": "33",
"expanded": ""
"expanded": "33"
},
{
"value": "34",
"expanded": ""
"expanded": "34"
},
{
"value": "35",
"expanded": ""
"expanded": "35"
},
{
"value": "36",
"expanded": ""
"expanded": "36"
},
{
"value": "37",
"expanded": ""
"expanded": "37"
},
{
"value": "38",
"expanded": ""
"expanded": "38"
},
{
"value": "39",
"expanded": ""
"expanded": "39"
},
{
"value": "40",
"expanded": ""
"expanded": "40"
},
{
"value": "41",
"expanded": ""
"expanded": "41"
},
{
"value": "42",
"expanded": ""
"expanded": "42"
},
{
"value": "43",
"expanded": ""
"expanded": "43"
},
{
"value": "44",
"expanded": ""
"expanded": "44"
},
{
"value": "45",
"expanded": ""
"expanded": "45"
},
{
"value": "46",
"expanded": ""
"expanded": "46"
},
{
"value": "47",
"expanded": ""
"expanded": "47"
},
{
"value": "48",
"expanded": ""
"expanded": "48"
},
{
"value": "49",
"expanded": ""
"expanded": "49"
},
{
"value": "50",
"expanded": ""
"expanded": "50"
},
{
"value": "51",
"expanded": ""
"expanded": "51"
},
{
"value": "52",
"expanded": ""
"expanded": "52"
},
{
"value": "53",
"expanded": ""
"expanded": "53"
},
{
"value": "54",
"expanded": ""
"expanded": "54"
},
{
"value": "55",
"expanded": ""
"expanded": "55"
},
{
"value": "56",
"expanded": ""
"expanded": "56"
},
{
"value": "57",
"expanded": ""
"expanded": "57"
},
{
"value": "58",
"expanded": ""
"expanded": "58"
},
{
"value": "59",
"expanded": ""
"expanded": "59"
},
{
"value": "60",
"expanded": ""
"expanded": "60"
},
{
"value": "61",
"expanded": ""
"expanded": "61"
},
{
"value": "62",
"expanded": ""
"expanded": "62"
},
{
"value": "63",
"expanded": ""
"expanded": "63"
},
{
"value": "64",
"expanded": ""
"expanded": "64"
},
{
"value": "65",
"expanded": ""
"expanded": "65"
},
{
"value": "66",
"expanded": ""
"expanded": "66"
},
{
"value": "67",
"expanded": ""
"expanded": "67"
},
{
"value": "68",
"expanded": ""
"expanded": "68"
},
{
"value": "69",
"expanded": ""
"expanded": "69"
},
{
"value": "70",
"expanded": ""
"expanded": "70"
},
{
"value": "71",
"expanded": ""
"expanded": "71"
},
{
"value": "72",
"expanded": ""
"expanded": "72"
},
{
"value": "73",
"expanded": ""
"expanded": "73"
},
{
"value": "74",
"expanded": ""
"expanded": "74"
},
{
"value": "75",
"expanded": ""
"expanded": "75"
},
{
"value": "76",
"expanded": ""
"expanded": "76"
},
{
"value": "77",
"expanded": ""
"expanded": "77"
},
{
"value": "78",
"expanded": ""
"expanded": "78"
},
{
"value": "79",
"expanded": ""
"expanded": "79"
},
{
"value": "80",
"expanded": ""
"expanded": "80"
},
{
"value": "81",
"expanded": ""
"expanded": "81"
},
{
"value": "82",
"expanded": ""
"expanded": "82"
},
{
"value": "83",
"expanded": ""
"expanded": "83"
},
{
"value": "84",
"expanded": ""
"expanded": "84"
},
{
"value": "85",
"expanded": ""
"expanded": "85"
},
{
"value": "86",
"expanded": ""
"expanded": "86"
},
{
"value": "87",
"expanded": ""
"expanded": "87"
},
{
"value": "88",
"expanded": ""
"expanded": "88"
},
{
"value": "89",
"expanded": ""
"expanded": "89"
},
{
"value": "90",
"expanded": ""
"expanded": "90"
},
{
"value": "91",
"expanded": ""
"expanded": "91"
},
{
"value": "92",
"expanded": ""
"expanded": "92"
},
{
"value": "93",
"expanded": ""
"expanded": "93"
},
{
"value": "94",
"expanded": ""
"expanded": "94"
},
{
"value": "95",
"expanded": ""
"expanded": "95"
},
{
"value": "96",
"expanded": ""
"expanded": "96"
},
{
"value": "97",
"expanded": ""
"expanded": "97"
},
{
"value": "98",
"expanded": ""
"expanded": "98"
},
{
"value": "99",
"expanded": ""
"expanded": "99"
},
{
"value": "100",
"expanded": ""
"expanded": "100"
}
]
}


@ -0,0 +1,217 @@
{
"namespace": "monarc-threat",
"expanded": "MONARC Threats",
"version": 1,
"description": "MONARC Threats Taxonomy",
"refs": [
"https://monarc.lu"
],
"predicates": [
{
"value": "compromise-of-functions",
"expanded": "Compromise of functions"
},
{
"value": "unauthorised-actions",
"expanded": "Unauthorised actions"
},
{
"value": "compromise-of-information",
"expanded": "Compromise of information"
},
{
"value": "loss-of-essential-services",
"expanded": "Loss of essential services"
},
{
"value": "technical-failures",
"expanded": "Technical failures"
},
{
"value": "physical-damage",
"expanded": "Physical damage"
}
],
"values": [
{
"predicate": "compromise-of-functions",
"entry": [
{
"value": "error-in-use",
"expanded": "Error in use",
"description": "A person commits an operating error, input error or utilisation error on hardware or software."
},
{
"value": "forging-of-rights",
"expanded": "Forging of rights",
"description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc."
},
{
"value": "eavesdropping",
"expanded": "Eavesdropping",
"description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication."
},
{
"value": "denial-of-actions",
"expanded": "Denial of actions",
"description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation."
},
{
"value": "abuse-of-rights",
"expanded": "Abuse of rights",
"description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources."
},
{
"value": "breach-of-personnel-availability",
"expanded": "Breach of personnel availability",
"description": "Absence of qualified or authorised personnel to execute the usual operations."
}
]
},
{
"predicate": "unauthorised-actions",
"entry": [
{
"value": "fraudulent-copying-or-use-of-counterfeit-software",
"expanded": "Fraudulent copying or use of counterfeit software",
"description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software."
},
{
"value": "corruption-of-data",
"expanded": "Corruption of data",
"description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful."
},
{
"value": "illegal-processing-of-data",
"expanded": "Illegal processing of data",
"description": "A person carries out information processing that is forbidden by the law or a regulation."
}
]
},
{
"predicate": "compromise-of-information",
"entry": [
{
"value": "remote-spying",
"expanded": "Remote spying",
"description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard."
},
{
"value": "tampering-with-hardware",
"expanded": "Tampering with hardware",
"description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it."
},
{
"value": "interception-of-compromising-interference-signals",
"expanded": "Interception of compromising interference signals",
"description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon)."
},
{
"value": "theft-or-destruction-of-media-documents-or-equipment",
"expanded": "Theft or destruction of media, documents or equipment",
"description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen."
},
{
"value": "retrieval-of-recycled-or-discarded media",
"expanded": "Retrieval of recycled or discarded media",
"description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information."
},
{
"value": "malware-infection",
"expanded": "Malware infection",
"description": "Unwanted software that is doing operations seeking to harm the company."
},
{
"value": "data-from-untrustworthy-sources",
"expanded": "Data from untrustworthy sources",
"description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation."
},
{
"value": "disclosure",
"expanded": "Disclosure",
"description": "Person who voluntarily or negligently disclosure information."
}
]
},
{
"predicate": "loss-of-essential-services",
"entry": [
{
"value": "failure-of-telecommunication-equipment",
"expanded": "Failure of telecommunication equipment",
"description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network)."
},
{
"value": "loss-of-power-supply",
"expanded": "Loss of power supply",
"description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system."
},
{
"value": "failure-of-air-conditioning",
"expanded": "Failure of air-conditioning",
"description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely."
}
]
},
{
"predicate": "technical-failures",
"entry": [
{
"value": "software-malfunction",
"expanded": "Software malfunction",
"description": "Design error, installation error or operating error committed during modification causing incorrect execution."
},
{
"value": "equipment-malfunction-or-failure",
"expanded": "Equipment malfunction or failure",
"description": "Logical or physical event causing hardware malfunctions or failures."
},
{
"value": "saturation-of-the-information-system",
"expanded": "Saturation of the information system",
"description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment."
},
{
"value": "breach-of-information-system-maintainability",
"expanded": "Breach of information system maintainability",
"description": "Lack of expertise in the system making retrofitting and upgrading impossible"
}
]
},
{
"predicate": "physical-damage",
"entry": [
{
"value": "destruction-of-equipment-or-supports",
"expanded": "Destruction of equipment or supports",
"description": "Event causing destruction of equipment or media."
},
{
"value": "fire",
"expanded": "Fire",
"description": "Any situation that could facilitate the conflagration of premises or equipment."
},
{
"value": "water-damage",
"expanded": "Water damage",
"description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)"
},
{
"value": "major-accident",
"expanded": "Major accident",
"description": "Any event that can physically destroy the premises"
},
{
"value": "pollution",
"expanded": "Pollution",
"description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air."
},
{
"value": "environmental-disaster",
"expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)",
"description": "Any event that can physically ruin the premises"
}
]
}
]
}
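Review bot: The value `"retrieval-of-recycled-or-discarded media"` under `compromise-of-information` contains a space where every other value in the file is a hyphenated slug; it should be `"value": "retrieval-of-recycled-or-discarded-media",`. Correcting it later changes the tag string that already-tagged events carry, so it is cheapest to fix before the taxonomy is enabled anywhere. Two descriptions also need attention: `disclosure` reads "Person who voluntarily or negligently disclosure information", and `environmental-disaster` reuses the `major-accident` text almost verbatim while its `expanded` lists fire and flood, which overlap the separate `fire` and `water-damage` entries.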