From 95218311352d6dcb91d149f22ce4378b2e0c5de3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 18 Aug 2018 10:13:38 +0200 Subject: [PATCH 01/23] chg: link to PyTaxonomies library added --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b1c0cd1..5ac11e7 100644 --- a/README.md +++ b/README.md @@ -205,7 +205,9 @@ Create a JSON file Create a JSON file describing your taxonomy as triple tags. Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy. -# MISP Taxonomies - tools +# MISP Taxonomies + +## Tools [machinetag.py](./tools/machinetag.py) is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy. @@ -227,6 +229,10 @@ Once you are happy with your file go to MISP Web GUI taxonomies/index and update ... ~~~~ +## Library + +- [PyTaxonomies](https://github.com/MISP/PyTaxonomies) is a Python module to use easily the MISP Taxonomies. + # License The MISP taxonomies are licensed under [CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) - Public Domain Dedication. If a specific author of a taxonomy wants to license it under a different license, a pull request can be requested. From 6256502143a789814af61b0390b23432626b5854 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 31 Aug 2018 07:19:41 +0200 Subject: [PATCH 02/23] chg: [honeypot-basic] updated to include no-interactive honeypot + network capture as data collection --- honeypot-basic/machinetag.json | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/honeypot-basic/machinetag.json b/honeypot-basic/machinetag.json index 45a8369..1471ffe 100644 --- a/honeypot-basic/machinetag.json +++ b/honeypot-basic/machinetag.json 
@@ -1,7 +1,7 @@ { "namespace": "honeypot-basic", - "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf", - "version": 1, + "description": "Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf", + "version": 2, "predicates": [ { "value": "interaction-level", @@ -47,12 +47,22 @@ "value": "low", "expanded": "low Interaction Level", "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination" + }, + { + "value": "none", + "expanded": "No interaction capabilities", + "description": "No exposed functionality in the honeypot." } ] }, { "predicate": "data-capture", "entry": [ + { + "value": "network-capture", + "expanded": "Network capture", + "description": "The honeypot collects raw network capture." + }, { "value": "events", "expanded": "Events", From b7ebd32485963c410b4274f8051f3236325c4b2f Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 31 Aug 2018 07:20:46 +0200 Subject: [PATCH 03/23] chg: [honeypot-simple] updated to the new version --- MANIFEST.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MANIFEST.json b/MANIFEST.json index 4823356..feba71c 100644 --- a/MANIFEST.json +++ b/MANIFEST.json 
@@ -256,7 +256,7 @@ "description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries." }, { - "version": 1, + "version": 2, "name": "honeypot-basic", "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" }, @@ -355,5 +355,5 @@ "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", "description": "Manifest file of MISP taxonomies available.", "license": "CC-0", - "version": "20180807" + "version": "20180831" } From 81d4cc3f72298a6dfca9659c3fcc2b94607fbdb6 Mon Sep 17 00:00:00 2001 From: Juan Rocha Date: Tue, 11 Sep 2018 16:00:13 +0200 Subject: [PATCH 04/23] MONARC Threats taxonomy Add v1.0 of MONARC threats taxonomy --- monarc/machinetag.json | 217 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 217 insertions(+) create mode 100644 monarc/machinetag.json diff --git a/monarc/machinetag.json b/monarc/machinetag.json new file mode 100644 index 0000000..bd4d8b4 --- /dev/null +++ b/monarc/machinetag.json 
@@ -0,0 +1,217 @@ +{ + "namespace": "monarc", + "expanded": "MONARC Threats", + "version": 1.0, + "description": "MONARC Threats Taxonomy", + "refs": [ + "https://monarc.lu" + ], + "predicates": [ + { + "value": "compromise-of-functions", + "expanded": "Compromise of functions" + }, + { + "value": "unauthorised-actions", + "expanded": "Unauthorised actions" + }, + { + "value": "compromise-of-information", + "expanded": "Compromise of information" + }, + { + "value": "loss-of-essential-services", + "expanded": "Loss of essential services" + }, + { + "value": "technical-failures", + "expanded": "Technical failures" + }, + { + "value": "physical-damage", + "expanded": "Physical damage" + }, + ], + "values": [ + { + "predicate": "compromise-of-functions", + "entry": [ + { + "value": "error-in-use", + "expanded": "Error in use", + "description": "A person commits an operating error, input error or utilisation error on hardware or software." + }, + { + "value": "forging-of-rights", + "expanded": "Forging of rights", + "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc." + }, + { + "value": "eavesdropping", + "expanded": "Eavesdropping", + "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication." + }, + { + "value": "denial-of-actions", + "expanded": "Denial of actions", + "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation." + }, + { + "value": "abuse-of-rights", + "expanded": "Abuse of rights", + "description" : "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources." 
+ }, + { + "value": "breach-of-personnel-availability", + "expanded": "Breach of personnel availability", + "description" : "Absence of qualified or authorised personnel to execute the usual operations." + } + ] + }, + { + "predicate": "unauthorised-actions", + "entry": [ + { + "value": "fraudulent-copying-or-use-of-counterfeit-software", + "expanded": "Fraudulent copying or use of counterfeit software", + "description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software." + }, + { + "value": "corruption-of-data", + "expanded": "Corruption of data", + "description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful." + }, + { + "value": "illegal-processing-of-data", + "expanded": "Illegal processing of data", + "description": "A person carries out information processing that is forbidden by the law or a regulation." + } + ] + } + { + "predicate": "compromise-of-information", + "entry": [ + { + "value": "remote-spying", + "expanded": "Remote spying", + "description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard." + }, + { + "value": "tampering-with-hardware", + "expanded": "Tampering with hardware", + "description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it." + }, + { + "value": "interception-of-compromising-interference-signals", + "expanded": "Interception of compromising interference signals", + "description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). 
Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon)." + } + { + "value": "theft-or-destruction-of-media-documents-or-equipment", + "expanded": "Theft or destruction of media, documents or equipment", + "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen." + }, + { + "value": "retrieval-of-recycled-or-discarded media", + "expanded": "Retrieval of recycled or discarded media", + "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information." + }, + { + "value": "malware-infection", + "expanded": "Malware infection", + "description": "Unwanted software that is doing operations seeking to harm the company." + } + { + "value": "data-from-untrustworthy-sources", + "expanded": "Data from untrustworthy sources", + "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation." + }, + { + "value": "disclosure", + "expanded": "Disclosure", + "description": "Person who voluntarily or negligently disclosure information." + } + ] + } + { + "predicate": "loss-of-essential-services", + "entry": [ + { + "value": "failure-of-telecommunication-equipment", + "expanded": "Failure of telecommunication equipment", + "description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network)." + }, + { + "value": "loss-of-power-supply", + "expanded": "Loss of power supply", + "description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system." 
+ }, + { + "value": "failure-of-air-conditioning", + "expanded": "Failure of air-conditioning", + "description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely." + } + ] + } + { + "predicate": "technical-failures", + "entry": [ + { + "value": "software-malfunction", + "expanded": "Software malfunction", + "description": "Design error, installation error or operating error committed during modification causing incorrect execution." + }, + { + "value": "equipment-malfunction-or-failure", + "expanded": "Equipment malfunction or failure", + "description": "Logical or physical event causing hardware malfunctions or failures." + }, + { + "value": "saturation-of-the-information-system", + "expanded": "Saturation of the information system", + "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment." + }, + { + "value": "breach-of-information-system-maintainability", + "expanded": "Breach of information system maintainability", + "description": "Lack of expertise in the system making retrofitting and upgrading impossible" + } + ] + } + { + "predicate": "physical-damage", + "entry": [ + { + "value": "destruction-of-equipment-or-supports", + "expanded": "Destruction of equipment or supports", + "description": "Event causing destruction of equipment or media." + }, + { + "value": "fire", + "expanded": "Fire", + "description": "Any situation that could facilitate the conflagration of premises or equipment." 
+ }, + { + "value": "water-damage", + "expanded": "Water damage", + "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)" + }, + { + "value": "major-accident", + "expanded": "Major accident", + "description": "Any event that can physically destroy the premises" + }, + { + "value": "pollution", + "expanded": "Pollution", + "description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air." + }, + { + "value": "environmental-disaster", + "expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)", + "description": "Any event that can physically ruin the premises" + } + ] + } + ] +} From b2227681cdbde2abf8dd56e26722441636a4b3ed Mon Sep 17 00:00:00 2001 From: Juan Rocha Date: Tue, 11 Sep 2018 16:25:02 +0200 Subject: [PATCH 05/23] Fix Typo --- monarc/machinetag.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/monarc/machinetag.json b/monarc/machinetag.json index bd4d8b4..accdc96 100644 --- a/monarc/machinetag.json +++ b/monarc/machinetag.json @@ -174,7 +174,7 @@ { "value": "breach-of-information-system-maintainability", "expanded": "Breach of information system maintainability", - "description": "Lack of expertise in the system making retrofitting and upgrading impossible" + "description": "Lack of expertise in the system making retrofitting and upgrading impossible." } ] } @@ -194,12 +194,12 @@ { "value": "water-damage", "expanded": "Water damage", - "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)" + "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)." }, { "value": "major-accident", "expanded": "Major accident", - "description": "Any event that can physically destroy the premises" + "description": "Any event that can physically destroy the premises." }, { "value": "pollution", From aa550dced75febccc2bbcabb0fa0df4605b07f9d Mon Sep 17 00:00:00 2001 
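Review bot: The value `retrieval-of-recycled-or-discarded media` under `compromise-of-information` contains a space where every sibling value is hyphenated, so the machine tag built from it would presumably carry a space; it should read `"value": "retrieval-of-recycled-or-discarded-media",`. The same value is carried unchanged into the whole-file rewrite in [PATCH 06/23]. The file as added here is also not valid JSON: there is a trailing comma after the last `predicates` object, and commas are missing between several `values` objects and after the `interception-of-compromising-interference-signals` and `malware-infection` entries, so a strict parser would reject this revision. `"version": 1.0` is written as a float, whereas the other taxonomy entries in this series use an integer.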
From: Juan Rocha Date: Wed, 12 Sep 2018 09:16:37 +0200 Subject: [PATCH 06/23] Check json format --- monarc/machinetag.json | 314 ++++++++++++++++++++--------------------- 1 file changed, 157 insertions(+), 157 deletions(-) diff --git a/monarc/machinetag.json b/monarc/machinetag.json index accdc96..f41dff6 100644 --- a/monarc/machinetag.json +++ b/monarc/machinetag.json 
@@ -1,217 +1,217 @@ { - "namespace": "monarc", - "expanded": "MONARC Threats", - "version": 1.0, - "description": "MONARC Threats Taxonomy", - "refs": [ + "namespace": "monarc", + "expanded": "MONARC Threats", + "version": 1, + "description": "MONARC Threats Taxonomy", + "refs": [ "https://monarc.lu" - ], - "predicates": [ + ], + "predicates": [ { - "value": "compromise-of-functions", + "value": "compromise-of-functions", "expanded": "Compromise of functions" }, - { - "value": "unauthorised-actions", + { + "value": "unauthorised-actions", "expanded": "Unauthorised actions" }, - { - "value": "compromise-of-information", + { + "value": "compromise-of-information", "expanded": "Compromise of information" }, - { - "value": "loss-of-essential-services", + { + "value": "loss-of-essential-services", "expanded": "Loss of essential services" }, - { - "value": "technical-failures", + { + "value": "technical-failures", "expanded": "Technical failures" }, - { - "value": "physical-damage", - "expanded": "Physical damage" - }, - ], - "values": [ { - "predicate": "compromise-of-functions", + "value": "physical-damage", + "expanded": "Physical damage" + } + ], + "values": [ + { + "predicate": "compromise-of-functions", "entry": [ { - "value": "error-in-use", + "value": "error-in-use", "expanded": "Error in use", - "description": "A person commits an operating error, input error or utilisation error on hardware or software." + "description": "A person commits an operating error, input error or utilisation error on hardware or software." }, { - "value": "forging-of-rights", + "value": "forging-of-rights", "expanded": "Forging of rights", - "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc." 
+ "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc." }, { - "value": "eavesdropping", + "value": "eavesdropping", "expanded": "Eavesdropping", - "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication." + "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication." }, { - "value": "denial-of-actions", + "value": "denial-of-actions", "expanded": "Denial of actions", - "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation." + "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation." }, { - "value": "abuse-of-rights", + "value": "abuse-of-rights", "expanded": "Abuse of rights", - "description" : "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources." + "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources." }, { - "value": "breach-of-personnel-availability", + "value": "breach-of-personnel-availability", "expanded": "Breach of personnel availability", - "description" : "Absence of qualified or authorised personnel to execute the usual operations." + "description": "Absence of qualified or authorised personnel to execute the usual operations." 
} - ] - }, - { - "predicate": "unauthorised-actions", - "entry": [ - { - "value": "fraudulent-copying-or-use-of-counterfeit-software", + ] + }, + { + "predicate": "unauthorised-actions", + "entry": [ + { + "value": "fraudulent-copying-or-use-of-counterfeit-software", "expanded": "Fraudulent copying or use of counterfeit software", - "description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software." + "description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software." }, - { - "value": "corruption-of-data", + { + "value": "corruption-of-data", "expanded": "Corruption of data", - "description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful." + "description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful." }, - { - "value": "illegal-processing-of-data", + { + "value": "illegal-processing-of-data", "expanded": "Illegal processing of data", - "description": "A person carries out information processing that is forbidden by the law or a regulation." + "description": "A person carries out information processing that is forbidden by the law or a regulation." } - ] - } - { - "predicate": "compromise-of-information", - "entry": [ - { - "value": "remote-spying", + ] + }, + { + "predicate": "compromise-of-information", + "entry": [ + { + "value": "remote-spying", "expanded": "Remote spying", - "description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard." 
+ "description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard." }, - { - "value": "tampering-with-hardware", + { + "value": "tampering-with-hardware", "expanded": "Tampering with hardware", - "description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it." + "description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it." }, - { - "value": "interception-of-compromising-interference-signals", + { + "value": "interception-of-compromising-interference-signals", "expanded": "Interception of compromising interference signals", - "description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon)." - } - { - "value": "theft-or-destruction-of-media-documents-or-equipment", + "description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon)." + }, + { + "value": "theft-or-destruction-of-media-documents-or-equipment", "expanded": "Theft or destruction of media, documents or equipment", - "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen." 
+ "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen." }, - { - "value": "retrieval-of-recycled-or-discarded media", + { + "value": "retrieval-of-recycled-or-discarded media", "expanded": "Retrieval of recycled or discarded media", - "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information." + "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information." }, - { - "value": "malware-infection", + { + "value": "malware-infection", "expanded": "Malware infection", - "description": "Unwanted software that is doing operations seeking to harm the company." - } - { - "value": "data-from-untrustworthy-sources", + "description": "Unwanted software that is doing operations seeking to harm the company." + }, + { + "value": "data-from-untrustworthy-sources", "expanded": "Data from untrustworthy sources", - "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation." + "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation." }, - { - "value": "disclosure", + { + "value": "disclosure", "expanded": "Disclosure", - "description": "Person who voluntarily or negligently disclosure information." + "description": "Person who voluntarily or negligently disclosure information." 
} - ] - } - { - "predicate": "loss-of-essential-services", - "entry": [ - { - "value": "failure-of-telecommunication-equipment", + ] + }, + { + "predicate": "loss-of-essential-services", + "entry": [ + { + "value": "failure-of-telecommunication-equipment", "expanded": "Failure of telecommunication equipment", - "description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network)." + "description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network)." }, - { - "value": "loss-of-power-supply", + { + "value": "loss-of-power-supply", "expanded": "Loss of power supply", - "description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system." + "description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system." }, - { - "value": "failure-of-air-conditioning", + { + "value": "failure-of-air-conditioning", "expanded": "Failure of air-conditioning", - "description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely." + "description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely." } - ] - } - { - "predicate": "technical-failures", - "entry": [ - { - "value": "software-malfunction", - "expanded": "Software malfunction", - "description": "Design error, installation error or operating error committed during modification causing incorrect execution." 
- }, - { - "value": "equipment-malfunction-or-failure", - "expanded": "Equipment malfunction or failure", - "description": "Logical or physical event causing hardware malfunctions or failures." - }, - { - "value": "saturation-of-the-information-system", - "expanded": "Saturation of the information system", - "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment." - }, - { - "value": "breach-of-information-system-maintainability", - "expanded": "Breach of information system maintainability", - "description": "Lack of expertise in the system making retrofitting and upgrading impossible." - } - ] - } - { - "predicate": "physical-damage", - "entry": [ - { - "value": "destruction-of-equipment-or-supports", - "expanded": "Destruction of equipment or supports", - "description": "Event causing destruction of equipment or media." - }, - { - "value": "fire", - "expanded": "Fire", - "description": "Any situation that could facilitate the conflagration of premises or equipment." - }, - { - "value": "water-damage", - "expanded": "Water damage", - "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)." - }, - { - "value": "major-accident", - "expanded": "Major accident", - "description": "Any event that can physically destroy the premises." - }, - { - "value": "pollution", - "expanded": "Pollution", - "description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air." 
- }, - { - "value": "environmental-disaster", - "expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)", - "description": "Any event that can physically ruin the premises" - } - ] - } - ] + ] + }, + { + "predicate": "technical-failures", + "entry": [ + { + "value": "software-malfunction", + "expanded": "Software malfunction", + "description": "Design error, installation error or operating error committed during modification causing incorrect execution." + }, + { + "value": "equipment-malfunction-or-failure", + "expanded": "Equipment malfunction or failure", + "description": "Logical or physical event causing hardware malfunctions or failures." + }, + { + "value": "saturation-of-the-information-system", + "expanded": "Saturation of the information system", + "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment." + }, + { + "value": "breach-of-information-system-maintainability", + "expanded": "Breach of information system maintainability", + "description": "Lack of expertise in the system making retrofitting and upgrading impossible" + } + ] + }, + { + "predicate": "physical-damage", + "entry": [ + { + "value": "destruction-of-equipment-or-supports", + "expanded": "Destruction of equipment or supports", + "description": "Event causing destruction of equipment or media." + }, + { + "value": "fire", + "expanded": "Fire", + "description": "Any situation that could facilitate the conflagration of premises or equipment." 
+ }, + { + "value": "water-damage", + "expanded": "Water damage", + "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)" + }, + { + "value": "major-accident", + "expanded": "Major accident", + "description": "Any event that can physically destroy the premises" + }, + { + "value": "pollution", + "expanded": "Pollution", + "description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air." + }, + { + "value": "environmental-disaster", + "expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)", + "description": "Any event that can physically ruin the premises" + } + ] + } + ] } From dd67360a2ef162e19e209be057ac1c18136ce084 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 12 Sep 2018 09:29:54 +0200 Subject: [PATCH 07/23] chg: [monarc] change the namespace to monarc-threat (more to come) --- {monarc => monarc-threat}/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename {monarc => monarc-threat}/machinetag.json (99%) diff --git a/monarc/machinetag.json b/monarc-threat/machinetag.json similarity index 99% rename from monarc/machinetag.json rename to monarc-threat/machinetag.json index f41dff6..15f512c 100644 --- a/monarc/machinetag.json +++ b/monarc-threat/machinetag.json @@ -1,5 +1,5 @@ { - "namespace": "monarc", + "namespace": "monarc-threat", "expanded": "MONARC Threats", "version": 1, "description": "MONARC Threats Taxonomy", From 7f36c65c549c456e902413d266c93917a4d6b8d9 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 12 Sep 2018 09:31:11 +0200 Subject: [PATCH 08/23] chg: [monarc-threat] taxonomy added --- MANIFEST.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/MANIFEST.json b/MANIFEST.json index feba71c..6a2e848 100644 --- a/MANIFEST.json +++ b/MANIFEST.json 
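Review bot: This whole-file rewrite drops the trailing periods that [PATCH 05/23] had just added: the new side has `...upgrading impossible"`, `...cellars, etc.)"` and `...destroy the premises"` without the full stop, so these three descriptions should end in `."` again. The `environmental-disaster` description still lacks its full stop as well. Because all 217 lines are re-emitted to fix indentation and commas, content changes such as this one and `"version": 1.0` becoming `1` are hard to spot in review. Regenerating the formatting-only change from the current file would have kept the earlier fix.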
@@ -349,11 +349,16 @@ "version": 1, "name": "ifx-vetting", "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process" + }, + { + "version": 1, + "name": "monarc-threat", + "description": "MONARC threat taxonomy." } ], "path": "machinetag.json", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", "description": "Manifest file of MISP taxonomies available.", "license": "CC-0", - "version": "20180831" + "version": "20180912" } From ee64138892518d3f993cac697aea3b3336d75a91 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 22 Sep 2018 20:28:47 +0200 Subject: [PATCH 09/23] chg: [honeypot-basic] extended with adaptive interaction level. ref: http://www.ecmlpkdd2018.org/wp-content/uploads/2018/09/262.pdf --- honeypot-basic/machinetag.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/honeypot-basic/machinetag.json b/honeypot-basic/machinetag.json index 1471ffe..ab198c0 100644 --- a/honeypot-basic/machinetag.json +++ b/honeypot-basic/machinetag.json @@ -1,7 +1,7 @@ { "namespace": "honeypot-basic", - "description": "Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf", - "version": 2, + "description": "Updated (CIRCL and Seamus Dowling) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf", + "version": 3, "predicates": [ { "value": "interaction-level", 
@@ -52,6 +52,11 @@
 "value": "none",
 "expanded": "No interaction capabilities",
 "description": "No exposed functionality in the honeypot."
+ },
+ {
+ "value": "adaptive",
+ "expanded": "Learns from attack interaction",
+ "description": "Learns from attack interaction"
 }
 ]
 },
From 0c4cdac38d3453b854ad50ba8ed36d7fc4933f99 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 24 Sep 2018 15:46:53 +0200
Subject: [PATCH 10/23] chg: [honeypot-basic] medium interaction added (based on various papers definition from EURECOM to Georg Wicherski paper)
---
 honeypot-basic/machinetag.json | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/honeypot-basic/machinetag.json b/honeypot-basic/machinetag.json
index ab198c0..509ae0c 100644
--- a/honeypot-basic/machinetag.json
+++ b/honeypot-basic/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "honeypot-basic",
- "description": "Updated (CIRCL and Seamus Dowling) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
- "version": 3,
+ "description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
+ "version": 4,
 "predicates": [
 {
 "value": "interaction-level",
@@ -43,10 +43,15 @@
 "expanded": "High Interaction Level",
 "description": "Exposed functionality of the honeypot is not limited."
 },
+ {
+ "value": "medium",
+ "expanded": "Medium Interaction Level",
+ "description": "Exposed functionality of the honeypot is limited to the service without exposing the full operating system."
+ },
 {
 "value": "low",
 "expanded": "low Interaction Level",
- "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination"
+ "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination."
 },
 {
 "value": "none",
From f67d13ae654e19065e98a9810098aed1c48bffe1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 24 Sep 2018 15:48:41 +0200
Subject: [PATCH 11/23] chg: [manifest] updated to the latest revision
---
 MANIFEST.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index 6a2e848..865e0c4 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -256,7 +256,7 @@
 "description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
 },
 {
- "version": 2,
+ "version": 4,
 "name": "honeypot-basic",
 "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
 },
@@ -360,5 +360,5 @@
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
 "description": "Manifest file of MISP taxonomies available.",
 "license": "CC-0",
- "version": "20180912"
+ "version": "20180924"
 }
From 4c70d06efb64dc73c571f77bd562da82102d261e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Mon, 24 Sep 2018 15:31:49 -0400
Subject: [PATCH 12/23] fix: remove empty expanded field Fix #117
---
 ifx-vetting/machinetag.json | 305 ++++++++++++------------------------
 1 file changed, 102 insertions(+), 203 deletions(-)
diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json
index bbd8987..89804ef 100644
--- a/ifx-vetting/machinetag.json
+++ b/ifx-vetting/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "ifx-vetting",
 "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
- "version": 1,
+ "version": 2,
 "predicates": [
 {
 "value": "vetted",
@@ -58,408 +58,307 @@ "predicate": "score", "entry": [ { - "value": "0", - "expanded": "" + "value": "0" }, { - "value": "1", - "expanded": "" + "value": "1" }, { - "value": "2", - "expanded": "" + "value": "2" }, { - "value": "3", - "expanded": "" + "value": "3" }, { - "value": "4", - "expanded": "" + "value": "4" }, { - "value": "5", - "expanded": "" + "value": "5" }, { - "value": "6", - "expanded": "" + "value": "6" }, { - "value": "7", - "expanded": "" + "value": "7" }, { - "value": "8", - "expanded": "" + "value": "8" }, { - "value": "9", - "expanded": "" + "value": "9" }, { - "value": "10", - "expanded": "" + "value": "10" }, { - "value": "11", - "expanded": "" + "value": "11" }, { - "value": "12", - "expanded": "" + "value": "12" }, { - "value": "13", - "expanded": "" + "value": "13" }, { - "value": "14", - "expanded": "" + "value": "14" }, { - "value": "15", - "expanded": "" + "value": "15" }, { - "value": "16", - "expanded": "" + "value": "16" }, { - "value": "17", - "expanded": "" + "value": "17" }, { - "value": "18", - "expanded": "" + "value": "18" }, { - "value": "19", - "expanded": "" + "value": "19" }, { - "value": "20", - "expanded": "" + "value": "20" }, { - "value": "21", - "expanded": "" + "value": "21" }, { - "value": "22", - "expanded": "" + "value": "22" }, { - "value": "23", - "expanded": "" + "value": "23" }, { - "value": "24", - "expanded": "" + "value": "24" }, { - "value": "25", - "expanded": "" + "value": "25" }, { - "value": "26", - "expanded": "" + "value": "26" }, { - "value": "27", - "expanded": "" + "value": "27" }, { - "value": "28", - "expanded": "" + "value": "28" }, { - "value": "29", - "expanded": "" + "value": "29" }, { - "value": "30", - "expanded": "" + "value": "30" }, { - "value": "31", - "expanded": "" + "value": "31" }, { - "value": "32", - "expanded": "" + "value": "32" }, { - "value": "33", - "expanded": "" + "value": "33" }, { - "value": "34", - "expanded": "" + "value": "34" }, { - "value": "35", - "expanded": "" + 
"value": "35" }, { - "value": "36", - "expanded": "" + "value": "36" }, { - "value": "37", - "expanded": "" + "value": "37" }, { - "value": "38", - "expanded": "" + "value": "38" }, { - "value": "39", - "expanded": "" + "value": "39" }, { - "value": "40", - "expanded": "" + "value": "40" }, { - "value": "41", - "expanded": "" + "value": "41" }, { - "value": "42", - "expanded": "" + "value": "42" }, { - "value": "43", - "expanded": "" + "value": "43" }, { - "value": "44", - "expanded": "" + "value": "44" }, { - "value": "45", - "expanded": "" + "value": "45" }, { - "value": "46", - "expanded": "" + "value": "46" }, { - "value": "47", - "expanded": "" + "value": "47" }, { - "value": "48", - "expanded": "" + "value": "48" }, { - "value": "49", - "expanded": "" + "value": "49" }, { - "value": "50", - "expanded": "" + "value": "50" }, { - "value": "51", - "expanded": "" + "value": "51" }, { - "value": "52", - "expanded": "" + "value": "52" }, { - "value": "53", - "expanded": "" + "value": "53" }, { - "value": "54", - "expanded": "" + "value": "54" }, { - "value": "55", - "expanded": "" + "value": "55" }, { - "value": "56", - "expanded": "" + "value": "56" }, { - "value": "57", - "expanded": "" + "value": "57" }, { - "value": "58", - "expanded": "" + "value": "58" }, { - "value": "59", - "expanded": "" + "value": "59" }, { - "value": "60", - "expanded": "" + "value": "60" }, { - "value": "61", - "expanded": "" + "value": "61" }, { - "value": "62", - "expanded": "" + "value": "62" }, { - "value": "63", - "expanded": "" + "value": "63" }, { - "value": "64", - "expanded": "" + "value": "64" }, { - "value": "65", - "expanded": "" + "value": "65" }, { - "value": "66", - "expanded": "" + "value": "66" }, { - "value": "67", - "expanded": "" + "value": "67" }, { - "value": "68", - "expanded": "" + "value": "68" }, { - "value": "69", - "expanded": "" + "value": "69" }, { - "value": "70", - "expanded": "" + "value": "70" }, { - "value": "71", - "expanded": "" + "value": "71" }, { 
- "value": "72", - "expanded": "" + "value": "72" }, { - "value": "73", - "expanded": "" + "value": "73" }, { - "value": "74", - "expanded": "" + "value": "74" }, { - "value": "75", - "expanded": "" + "value": "75" }, { - "value": "76", - "expanded": "" + "value": "76" }, { - "value": "77", - "expanded": "" + "value": "77" }, { - "value": "78", - "expanded": "" + "value": "78" }, { - "value": "79", - "expanded": "" + "value": "79" }, { - "value": "80", - "expanded": "" + "value": "80" }, { - "value": "81", - "expanded": "" + "value": "81" }, { - "value": "82", - "expanded": "" + "value": "82" }, { - "value": "83", - "expanded": "" + "value": "83" }, { - "value": "84", - "expanded": "" + "value": "84" }, { - "value": "85", - "expanded": "" + "value": "85" }, { - "value": "86", - "expanded": "" + "value": "86" }, { - "value": "87", - "expanded": "" + "value": "87" }, { - "value": "88", - "expanded": "" + "value": "88" }, { - "value": "89", - "expanded": "" + "value": "89" }, { - "value": "90", - "expanded": "" + "value": "90" }, { - "value": "91", - "expanded": "" + "value": "91" }, { - "value": "92", - "expanded": "" + "value": "92" }, { - "value": "93", - "expanded": "" + "value": "93" }, { - "value": "94", - "expanded": "" + "value": "94" }, { - "value": "95", - "expanded": "" + "value": "95" }, { - "value": "96", - "expanded": "" + "value": "96" }, { - "value": "97", - "expanded": "" + "value": "97" }, { - "value": "98", - "expanded": "" + "value": "98" }, { - "value": "99", - "expanded": "" + "value": "99" }, { - "value": "100", - "expanded": "" + "value": "100" } ] } From aa5f75813159ff48b28d332249a1628872e4656b Mon Sep 17 00:00:00 2001 
From: Alexandre Dulaunoy
Date: Sat, 29 Sep 2018 19:23:46 +0200
Subject: [PATCH 13/23] chg: [admiralty-scale] when information or source cannot be judged - the numerical scale should be 50% as the information is considered as an average estimated trust. source: Scientific Methods of Inquiry of Intelligence Analysis
---
 admiralty-scale/machinetag.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/admiralty-scale/machinetag.json b/admiralty-scale/machinetag.json
index 1e2aea7..0ba25bd 100755
--- a/admiralty-scale/machinetag.json
+++ b/admiralty-scale/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "admiralty-scale",
 "description": "The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.",
- "version": 2,
+ "version": 3,
 "predicates": [
 {
 "value": "source-reliability",
@@ -43,7 +43,8 @@
 },
 {
 "value": "f",
- "expanded": "Reliability cannot be judged"
+ "expanded": "Reliability cannot be judged",
+ "numerical_value": 50
 }
 ]
 },
@@ -77,7 +78,8 @@
 },
 {
 "value": "6",
- "expanded": "Truth cannot be judged"
+ "expanded": "Truth cannot be judged",
+ "numerical_value": 50
 }
 ]
 }
From ba66c7d507fb74e1a6f485c744342cdea8c8d99f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 29 Sep 2018 19:28:36 +0200
Subject: [PATCH 14/23] chg: [admiralty-scale] deliberately deceptive added Issue to solve: ref. Scientific Methods of Inquiry of Intelligence Analysis added additional code and there is an inconsistency in the values. Other docs to be checked for colliding values required.
---
 admiralty-scale/machinetag.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/admiralty-scale/machinetag.json b/admiralty-scale/machinetag.json
index 0ba25bd..ed29ea5 100755
--- a/admiralty-scale/machinetag.json
+++ b/admiralty-scale/machinetag.json
@@ -45,6 +45,11 @@
 "value": "f",
 "expanded": "Reliability cannot be judged",
 "numerical_value": 50
+ },
+ {
+ "value": "g",
+ "expanded": "Deliberatly deceptive",
+ "numerical_value": 0
 }
 ]
 },
From 38a4481c1b0fc511f9ab8789eb8d329f314c1cac Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 30 Sep 2018 15:42:36 +0200
Subject: [PATCH 15/23] chg: [admiralty-scale] description has been included based on below ref ref: https://fas.org/irp/doddir/army/fm2-22-3.pdf
---
 admiralty-scale/machinetag.json | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
 mode change 100755 => 100644 admiralty-scale/machinetag.json
diff --git a/admiralty-scale/machinetag.json b/admiralty-scale/machinetag.json
old mode 100755
new mode 100644
index ed29ea5..9fe86ee
--- a/admiralty-scale/machinetag.json
+++ b/admiralty-scale/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "admiralty-scale",
- "description": "The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.",
- "version": 3,
+ "description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
+ "version": 4,
 "predicates": [
 {
 "value": "source-reliability",
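Review bot: The label on the new `g` entry is misspelled as `"Deliberatly deceptive"`; `expanded` is the human-readable text shown for the tag, so the line should read `"expanded": "Deliberately deceptive",`. The entry also takes `"numerical_value": 0`, the same number the file already gives `e` (Unreliable), so anything that scores or filters on the number alone cannot tell a source judged deliberately deceptive from one that is merely unreliable. The commit message itself flags an inconsistency in the values; it would be safer to settle that before consumers start relying on the field.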
@@ -19,31 +19,37 @@
 {
 "value": "a",
 "expanded": "Completely reliable",
+ "description": "No doubt of authenticity, trustworthiness, or competency; has a history of complete reliability",
 "numerical_value": 100
 },
 {
 "value": "b",
 "expanded": "Usually reliable",
+ "description": "Minor doubt about authenticity, trustworthiness, or competency; has a history of valid information most of the time",
 "numerical_value": 75
 },
 {
 "value": "c",
 "expanded": "Fairly reliable",
+ "description": "Doubt of authenticity, trustworthiness, or competency but has provided valid information in the past",
 "numerical_value": 50
 },
 {
 "value": "d",
 "expanded": "Not usually reliable",
+ "description": "Significant doubt about authenticity, trustworthiness, or co mpetency but has provided valid information in the past",
 "numerical_value": 25
 },
 {
 "value": "e",
 "expanded": "Unreliable",
+ "description": "Lacking in authenticity, trustworthiness, and competency; history of invalid information",
 "numerical_value": 0
 },
 {
 "value": "f",
 "expanded": "Reliability cannot be judged",
+ "description": "No basis exists for evaluating the reliability of the source",
 "numerical_value": 50
 },
 {
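Review bot: The description added for `d` contains a broken word, `co mpetency`; the line should be `"description": "Significant doubt about authenticity, trustworthiness, or competency but has provided valid information in the past",`. This hunk stops at the opening brace after `f`, and the diffstat's 14 insertions are all accounted for by `a`–`f`, `1`–`6` and the header, so the `g` entry added in the previous patch is left as the only source-reliability rating without a `description`. The information-credibility hunk that follows has smaller slips of the same kind: a stray space in `not logical ; no other information` and a capitalised `Consistent` mid-sentence in the text for `1`.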
@@ -59,31 +65,37 @@
 {
 "value": "1",
 "expanded": "Confirmed by other sources",
+ "description": "Confirmed by other independent sources; logical in itself; Consistent with other information on the subject",
 "numerical_value": 100
 },
 {
 "value": "2",
 "expanded": "Probably true",
+ "description": "Not confirmed; logical in itself; consistent with other information on the subject",
 "numerical_value": 75
 },
 {
 "value": "3",
 "expanded": "Possibly true",
+ "description": "Not confirmed; reasonably logical in itself; agrees with some other information on the subject",
 "numerical_value": 50
 },
 {
 "value": "4",
 "expanded": "Doubtful",
+ "description": "Not confirmed; possible but not logical ; no other information on the subject",
 "numerical_value": 25
 },
 {
 "value": "5",
 "expanded": "Improbable",
+ "description": "Not confirmed; not logical in itself; contradicted by other information on the subject",
 "numerical_value": 0
 },
 {
 "value": "6",
 "expanded": "Truth cannot be judged",
+ "description": "No basis exists for evaluating the validity of the information",
 "numerical_value": 50
 }
 ]
From 334f37635f24039cf03ef9e5bd18757d207a577e Mon Sep 17 00:00:00 2001
From: raw-data
Date: Sun, 30 Sep 2018 15:01:41 +0100
Subject: [PATCH 16/23] [add] new file-type taxonomy
---
 file-type/machinetag.json | 663 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 663 insertions(+)
 create mode 100755 file-type/machinetag.json
diff --git a/file-type/machinetag.json b/file-type/machinetag.json
new file mode 100755
index 0000000..a6bf779
--- /dev/null
+++ b/file-type/machinetag.json
@@ -0,0 +1,663 @@ +{ + "values": [ + { + "entry": [ + { + "colour": "#00cc7e", + "expanded": "executable", + "value": "peexe" + }, + { + "colour": "#33ffb1", + "expanded": "executable", + "value": " pedll" + }, + { + "colour": "#66ffc4", + "expanded": "executable", + "value": " neexe" + }, + { + "colour": "#4dffbb", + "expanded": "executable", + "value": " nedll" + }, + { + "colour": "#00804f", + "expanded": "executable", + "value": " mz" + }, + { + "colour": "#00cc7e", + "expanded": "executable", + "value": " msi" + }, + { + "colour": "#33ffb1", + "expanded": "executable", + "value": " com" + }, + { + "colour": "#00804f", + "expanded": "executable", + "value": " coff" + }, + { + "colour": "#ccffeb", + "expanded": "executable", + "value": " elf" + }, + { + "colour": "#99ffd8", + "expanded": "executable", + "value": " krnl" + }, + { + "colour": "#80ffce", + "expanded": "executable", + "value": " rpm" + }, + { + "colour": "#00804f", + "expanded": "executable", + "value": " linux" + }, + { + "colour": "#00804f", + "expanded": "executable", + "value": " macho" + }, + { + "colour": "#00cc7e", + "expanded": "executable", + "value": " elf32" + }, + { + "colour": "#00cc7e", + "expanded": "executable", + "value": " elf64" + }, + { + "colour": "#00e68e", + "expanded": "executable", + "value": " elfso" + }, + { + "colour": "#00804f", + "expanded": "executable", + "value": " peexe32" + }, + { + "colour": "#00cc7e", + "expanded": "executable", + "value": " peexe64" + }, + { + "colour": "#00663f", + "expanded": "executable", + "value": " assembly" + }, + { + "colour": "#004d2f", + "expanded": "internet", + "value": "html" + }, + { + "colour": "#00995e", + "expanded": "internet", + "value": " xml" + }, + { + "colour": "#80ffce", + "expanded": "internet", + "value": " flash" + }, + { + "colour": "#00663f", + "expanded": "internet", + "value": " fla" + }, + { + "colour": "#99ffd8", + "expanded": "internet", + "value": " iecookie" + }, + { + "colour": "#004d2f", + "expanded": 
"internet", + "value": " bittorrent" + }, + { + "colour": "#00804f", + "expanded": "internet", + "value": " email" + }, + { + "colour": "#99ffd8", + "expanded": "internet", + "value": " outlook" + }, + { + "colour": "#33ffb1", + "expanded": "internet", + "value": " cap" + }, + { + "colour": "#00b36e", + "expanded": "phone and tablet", + "value": "symbian" + }, + { + "colour": "#00663f", + "expanded": "phone and tablet", + "value": " palmos" + }, + { + "colour": "#00cc7e", + "expanded": "phone and tablet", + "value": " wince" + }, + { + "colour": "#99ffd8", + "expanded": "phone and tablet", + "value": " android" + }, + { + "colour": "#b3ffe2", + "expanded": "phone and tablet", + "value": " iphone" + }, + { + "colour": "#00cc7e", + "expanded": "image", + "value": "jpeg" + }, + { + "colour": "#b3ffe2", + "expanded": "image", + "value": " emf" + }, + { + "colour": "#ccffeb", + "expanded": "image", + "value": " tiff" + }, + { + "colour": "#00e68e", + "expanded": "image", + "value": " gif" + }, + { + "colour": "#4dffbb", + "expanded": "image", + "value": " png" + }, + { + "colour": "#00995e", + "expanded": "image", + "value": " bmp" + }, + { + "colour": "#00b36e", + "expanded": "image", + "value": " gimp" + }, + { + "colour": "#b3ffe2", + "expanded": "image", + "value": " indesign" + }, + { + "colour": "#00ff9d", + "expanded": "image", + "value": " psd" + }, + { + "colour": "#99ffd8", + "expanded": "image", + "value": " targa" + }, + { + "colour": "#33ffb1", + "expanded": "image", + "value": " xws" + }, + { + "colour": "#00e68e", + "expanded": "image", + "value": " dib" + }, + { + "colour": "#80ffce", + "expanded": "image", + "value": " jng" + }, + { + "colour": "#00e68e", + "expanded": "image", + "value": " ico" + }, + { + "colour": "#1affa7", + "expanded": "image", + "value": " fpx" + }, + { + "colour": "#80ffce", + "expanded": "image", + "value": " eps" + }, + { + "colour": "#66ffc4", + "expanded": "image", + "value": " svg" + }, + { + "colour": "#00e68e", + 
"expanded": "video and audio", + "value": "ogg" + }, + { + "colour": "#80ffce", + "expanded": "video and audio", + "value": " flc" + }, + { + "colour": "#ccffeb", + "expanded": "video and audio", + "value": " fli" + }, + { + "colour": "#80ffce", + "expanded": "video and audio", + "value": " mp3" + }, + { + "colour": "#99ffd8", + "expanded": "video and audio", + "value": " flac" + }, + { + "colour": "#00cc7e", + "expanded": "video and audio", + "value": " wav" + }, + { + "colour": "#00cc7e", + "expanded": "video and audio", + "value": " midi" + }, + { + "colour": "#00663f", + "expanded": "video and audio", + "value": " avi" + }, + { + "colour": "#00663f", + "expanded": "video and audio", + "value": " mpeg" + }, + { + "colour": "#80ffce", + "expanded": "video and audio", + "value": " qt" + }, + { + "colour": "#66ffc4", + "expanded": "video and audio", + "value": " asf" + }, + { + "colour": "#00cc7e", + "expanded": "video and audio", + "value": " divx" + }, + { + "colour": "#004d2f", + "expanded": "video and audio", + "value": " flv" + }, + { + "colour": "#99ffd8", + "expanded": "video and audio", + "value": " wma" + }, + { + "colour": "#4dffbb", + "expanded": "video and audio", + "value": " wmv" + }, + { + "colour": "#b3ffe2", + "expanded": "video and audio", + "value": " rm" + }, + { + "colour": "#1affa7", + "expanded": "video and audio", + "value": " mov" + }, + { + "colour": "#66ffc4", + "expanded": "video and audio", + "value": " mp4" + }, + { + "colour": "#00cc7e", + "expanded": "video and audio", + "value": " 3gp" + }, + { + "colour": "#ccffeb", + "expanded": "document", + "value": "text" + }, + { + "colour": "#66ffc4", + "expanded": "document", + "value": " pdf" + }, + { + "colour": "#ccffeb", + "expanded": "document", + "value": " ps" + }, + { + "colour": "#66ffc4", + "expanded": "document", + "value": " doc" + }, + { + "colour": "#b3ffe2", + "expanded": "document", + "value": " docx" + }, + { + "colour": "#b3ffe2", + "expanded": "document", + "value": " rtf" 
+ }, + { + "colour": "#80ffce", + "expanded": "document", + "value": " ppt" + }, + { + "colour": "#1affa7", + "expanded": "document", + "value": " pptx" + }, + { + "colour": "#33ffb1", + "expanded": "document", + "value": " xls" + }, + { + "colour": "#00804f", + "expanded": "document", + "value": " xlsx" + }, + { + "colour": "#00663f", + "expanded": "document", + "value": " odp" + }, + { + "colour": "#00ff9d", + "expanded": "document", + "value": " ods" + }, + { + "colour": "#00663f", + "expanded": "document", + "value": " odt" + }, + { + "colour": "#33ffb1", + "expanded": "document", + "value": " hwp" + }, + { + "colour": "#004d2f", + "expanded": "document", + "value": " gul" + }, + { + "colour": "#ccffeb", + "expanded": "document", + "value": " ebook" + }, + { + "colour": "#00b36e", + "expanded": "document", + "value": " latex" + }, + { + "colour": "#00b36e", + "expanded": "bundle", + "value": "isoimage" + }, + { + "colour": "#33ffb1", + "expanded": "bundle", + "value": " zip" + }, + { + "colour": "#00b36e", + "expanded": "bundle", + "value": " gzip" + }, + { + "colour": "#00663f", + "expanded": "bundle", + "value": " bzip" + }, + { + "colour": "#66ffc4", + "expanded": "bundle", + "value": " rzip" + }, + { + "colour": "#b3ffe2", + "expanded": "bundle", + "value": " dzip" + }, + { + "colour": "#99ffd8", + "expanded": "bundle", + "value": " 7zip" + }, + { + "colour": "#4dffbb", + "expanded": "bundle", + "value": " cab" + }, + { + "colour": "#99ffd8", + "expanded": "bundle", + "value": " jar" + }, + { + "colour": "#ccffeb", + "expanded": "bundle", + "value": " rar" + }, + { + "colour": "#00fa9a", + "expanded": "bundle", + "value": " mscompress" + }, + { + "colour": "#80ffce", + "expanded": "bundle", + "value": " ace" + }, + { + "colour": "#00804f", + "expanded": "bundle", + "value": " arc" + }, + { + "colour": "#ccffeb", + "expanded": "bundle", + "value": " arj" + }, + { + "colour": "#004d2f", + "expanded": "bundle", + "value": " asd" + }, + { + "colour": "#33ffb1", 
+ "expanded": "bundle", + "value": " blackhole" + }, + { + "colour": "#00663f", + "expanded": "bundle", + "value": " kgb" + }, + { + "colour": "#00cc7e", + "expanded": "bundle", + "value": " xz" + }, + { + "colour": "#66ffc4", + "expanded": "code", + "value": "script" + }, + { + "colour": "#4dffbb", + "expanded": "code", + "value": " php" + }, + { + "colour": "#99ffd8", + "expanded": "code", + "value": " python" + }, + { + "colour": "#004d2f", + "expanded": "code", + "value": " perl" + }, + { + "colour": "#00995e", + "expanded": "code", + "value": " ruby" + }, + { + "colour": "#1affa7", + "expanded": "code", + "value": " c" + }, + { + "colour": "#00804f", + "expanded": "code", + "value": " cpp" + }, + { + "colour": "#4dffbb", + "expanded": "code", + "value": " java" + }, + { + "colour": "#1affa7", + "expanded": "code", + "value": " shell" + }, + { + "colour": "#00ff9d", + "expanded": "code", + "value": " pascal" + }, + { + "colour": "#00804f", + "expanded": "code", + "value": " awk" + }, + { + "colour": "#00804f", + "expanded": "code", + "value": " dyalog" + }, + { + "colour": "#00fa9a", + "expanded": "code", + "value": " fortran" + }, + { + "colour": "#80ffce", + "expanded": "code", + "value": " java-bytecode" + }, + { + "colour": "#33ffb1", + "expanded": "apple", + "value": "apple" + }, + { + "colour": "#33ffb1", + "expanded": "apple", + "value": " mac" + }, + { + "colour": "#00804f", + "expanded": "apple", + "value": " applesingle" + }, + { + "colour": "#00ff9d", + "expanded": "apple", + "value": " appledouble" + }, + { + "colour": "#00b36e", + "expanded": "apple", + "value": " machfs" + }, + { + "colour": "#00ff9d", + "expanded": "apple", + "value": " appleplist" + }, + { + "colour": "#00b36e", + "expanded": "apple", + "value": " maclib" + }, + { + "colour": "#00663f", + "expanded": "miscellaneous", + "value": "lnk" + }, + { + "colour": "#1affa7", + "expanded": "miscellaneous", + "value": " ttf" + }, + { + "colour": "#00ff9d", + "expanded": "miscellaneous", + 
"value": " rom" + }, + { + "colour": "#00e68e", + "expanded": "miscellaneous", + "value": " data" + } + ], + "predicate": "type" + } + ], + "predicates": [ + { + "expanded": "File category", + "value": "type" + } + ], + "version": 1, + "description": "List of known file types.", + "namespace": "file" +} From 061b2bfb8ce16b98fba430063e8602aabfd209fe Mon Sep 17 00:00:00 2001 From: raw-data Date: Sun, 30 Sep 2018 15:04:46 +0100 Subject: [PATCH 17/23] [add] file-type taxonomy description --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5ac11e7..19069da 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ bfuscation techniques. This taxonomy lists all the known or official packer used - Vocabulary for Event Recording and Incident Sharing [VERIS](./veris) - [Binary Classification](./binary-class) safe/malicious binary tagging - [Workflow](./workflow) support language is a common language to support intelligence analysts to perform their analysis on data and information. +- [file-type](./file-type) - List of known file types. ### [Admiralty Scale](./admiralty-scale) From eeed4adf002996f0996ab7385a46c660a654c64d Mon Sep 17 00:00:00 2001 From: raw-data Date: Sun, 30 Sep 2018 15:07:48 +0100 Subject: [PATCH 18/23] [add] new file-type taxonomy + version bump --- MANIFEST.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/MANIFEST.json b/MANIFEST.json index 865e0c4..7b3355b 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -354,11 +354,16 @@ "version": 1, "name": "monarc-threat", "description": "MONARC threat taxonomy." + }, + { + "version": 1, + "name": "file", + "description": "List of known file types." } ], "path": "machinetag.json", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", "description": "Manifest file of MISP taxonomies available.", "license": "CC-0", - "version": "20180924" + "version": "20180930" } 
From 240c56ae2ac18cba94e5280836774778f8c03fc1 Mon Sep 17 00:00:00 2001 From: raw-data Date: Sun, 30 Sep 2018 15:12:52 +0100 Subject: [PATCH 19/23] [fix] remove duplicated words --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 19069da..5a786d1 100644 --- a/README.md +++ b/README.md @@ -202,7 +202,7 @@ $ cd privatetaxonomy $ vi machinetag.json ~~~~ -Create a JSON file Create a JSON file describing your taxonomy as triple tags. +Create a JSON file describing your taxonomy as triple tags. Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy. From 39ed603f53d781d30b2fee8ce806c3ed60d667b6 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 30 Sep 2018 16:21:01 +0200 Subject: [PATCH 20/23] chg: [ifx-vetting] add expanded values to IFX vetting --- ifx-vetting/machinetag.json | 303 ++++++++++++++++++++++++------------ 1 file changed, 202 insertions(+), 101 deletions(-) diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json index 89804ef..9cf5ed0 100644 --- a/ifx-vetting/machinetag.json +++ b/ifx-vetting/machinetag.json 
@@ -58,307 +58,408 @@ "predicate": "score", "entry": [ { - "value": "0" + "value": "0", + "expanded": "0" }, { - "value": "1" + "value": "1", + "expanded": "1" }, { - "value": "2" + "value": "2", + "expanded": "2" }, { - "value": "3" + "value": "3", + "expanded": "3" }, { - "value": "4" + "value": "4", + "expanded": "4" }, { - "value": "5" + "value": "5", + "expanded": "5" }, { - "value": "6" + "value": "6", + "expanded": "6" }, { - "value": "7" + "value": "7", + "expanded": "7" }, { - "value": "8" + "value": "8", + "expanded": "8" }, { - "value": "9" + "value": "9", + "expanded": "9" }, { - "value": "10" + "value": "10", + "expanded": "10" }, { - "value": "11" + "value": "11", + "expanded": "11" }, { - "value": "12" + "value": "12", + "expanded": "12" }, { - "value": "13" + "value": "13", + "expanded": "13" }, { - "value": "14" + "value": "14", + "expanded": "14" }, { - "value": "15" + "value": "15", + "expanded": "15" }, { - "value": "16" + "value": "16", + "expanded": "16" }, { - "value": "17" + "value": "17", + "expanded": "17" }, { - "value": "18" + "value": "18", + "expanded": "18" }, { - "value": "19" + "value": "19", + "expanded": "19" }, { - "value": "20" + "value": "20", + "expanded": "20" }, { - "value": "21" + "value": "21", + "expanded": "21" }, { - "value": "22" + "value": "22", + "expanded": "22" }, { - "value": "23" + "value": "23", + "expanded": "23" }, { - "value": "24" + "value": "24", + "expanded": "24" }, { - "value": "25" + "value": "25", + "expanded": "25" }, { - "value": "26" + "value": "26", + "expanded": "26" }, { - "value": "27" + "value": "27", + "expanded": "27" }, { - "value": "28" + "value": "28", + "expanded": "28" }, { - "value": "29" + "value": "29", + "expanded": "29" }, { - "value": "30" + "value": "30", + "expanded": "30" }, { - "value": "31" + "value": "31", + "expanded": "31" }, { - "value": "32" + "value": "32", + "expanded": "32" }, { - "value": "33" + "value": "33", + "expanded": "33" }, { - "value": "34" + "value": "34", + 
"expanded": "34" }, { - "value": "35" + "value": "35", + "expanded": "35" }, { - "value": "36" + "value": "36", + "expanded": "36" }, { - "value": "37" + "value": "37", + "expanded": "37" }, { - "value": "38" + "value": "38", + "expanded": "38" }, { - "value": "39" + "value": "39", + "expanded": "39" }, { - "value": "40" + "value": "40", + "expanded": "40" }, { - "value": "41" + "value": "41", + "expanded": "41" }, { - "value": "42" + "value": "42", + "expanded": "42" }, { - "value": "43" + "value": "43", + "expanded": "43" }, { - "value": "44" + "value": "44", + "expanded": "44" }, { - "value": "45" + "value": "45", + "expanded": "45" }, { - "value": "46" + "value": "46", + "expanded": "46" }, { - "value": "47" + "value": "47", + "expanded": "47" }, { - "value": "48" + "value": "48", + "expanded": "48" }, { - "value": "49" + "value": "49", + "expanded": "49" }, { - "value": "50" + "value": "50", + "expanded": "50" }, { - "value": "51" + "value": "51", + "expanded": "51" }, { - "value": "52" + "value": "52", + "expanded": "52" }, { - "value": "53" + "value": "53", + "expanded": "53" }, { - "value": "54" + "value": "54", + "expanded": "54" }, { - "value": "55" + "value": "55", + "expanded": "55" }, { - "value": "56" + "value": "56", + "expanded": "56" }, { - "value": "57" + "value": "57", + "expanded": "57" }, { - "value": "58" + "value": "58", + "expanded": "58" }, { - "value": "59" + "value": "59", + "expanded": "59" }, { - "value": "60" + "value": "60", + "expanded": "60" }, { - "value": "61" + "value": "61", + "expanded": "61" }, { - "value": "62" + "value": "62", + "expanded": "62" }, { - "value": "63" + "value": "63", + "expanded": "63" }, { - "value": "64" + "value": "64", + "expanded": "64" }, { - "value": "65" + "value": "65", + "expanded": "65" }, { - "value": "66" + "value": "66", + "expanded": "66" }, { - "value": "67" + "value": "67", + "expanded": "67" }, { - "value": "68" + "value": "68", + "expanded": "68" }, { - "value": "69" + "value": "69", + 
"expanded": "69" }, { - "value": "70" + "value": "70", + "expanded": "70" }, { - "value": "71" + "value": "71", + "expanded": "71" }, { - "value": "72" + "value": "72", + "expanded": "72" }, { - "value": "73" + "value": "73", + "expanded": "73" }, { - "value": "74" + "value": "74", + "expanded": "74" }, { - "value": "75" + "value": "75", + "expanded": "75" }, { - "value": "76" + "value": "76", + "expanded": "76" }, { - "value": "77" + "value": "77", + "expanded": "77" }, { - "value": "78" + "value": "78", + "expanded": "78" }, { - "value": "79" + "value": "79", + "expanded": "79" }, { - "value": "80" + "value": "80", + "expanded": "80" }, { - "value": "81" + "value": "81", + "expanded": "81" }, { - "value": "82" + "value": "82", + "expanded": "82" }, { - "value": "83" + "value": "83", + "expanded": "83" }, { - "value": "84" + "value": "84", + "expanded": "84" }, { - "value": "85" + "value": "85", + "expanded": "85" }, { - "value": "86" + "value": "86", + "expanded": "86" }, { - "value": "87" + "value": "87", + "expanded": "87" }, { - "value": "88" + "value": "88", + "expanded": "88" }, { - "value": "89" + "value": "89", + "expanded": "89" }, { - "value": "90" + "value": "90", + "expanded": "90" }, { - "value": "91" + "value": "91", + "expanded": "91" }, { - "value": "92" + "value": "92", + "expanded": "92" }, { - "value": "93" + "value": "93", + "expanded": "93" }, { - "value": "94" + "value": "94", + "expanded": "94" }, { - "value": "95" + "value": "95", + "expanded": "95" }, { - "value": "96" + "value": "96", + "expanded": "96" }, { - "value": "97" + "value": "97", + "expanded": "97" }, { - "value": "98" + "value": "98", + "expanded": "98" }, { - "value": "99" + "value": "99", + "expanded": "99" }, { - "value": "100" + "value": "100", + "expanded": "100" } ] } From 7630b4035183eb7e0c2fbc10d1ac2d7950f4750b Mon Sep 17 00:00:00 2001 
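Review bot: The taxonomy's `version` is left unchanged by this commit, although all 101 `score` entries are rewritten. The diffstat (202 insertions, 101 deletions) is fully accounted for by this single hunk, and MANIFEST.json is not part of the change. The manifest carries a per-taxonomy `version`, so instances that already hold the current ifx-vetting version will presumably not re-import the file and will not see the new `expanded` fields. Bump `version` in ifx-vetting/machinetag.json and in its MANIFEST.json entry together with this change. The hunk starts inside the `score` predicate, so the rest of the file is not visible here.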
From: raw-data Date: Sun, 30 Sep 2018 15:28:29 +0100 Subject: [PATCH 21/23] Update MANIFEST.json --- MANIFEST.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MANIFEST.json b/MANIFEST.json index 7b3355b..d206079 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -357,7 +357,7 @@ }, { "version": 1, - "name": "file", + "name": "file-type", "description": "List of known file types." } ], From 35f77de69ca4b5197cf930dd761c075d0c0aa4d7 Mon Sep 17 00:00:00 2001 From: raw-data Date: Sun, 30 Sep 2018 15:34:10 +0100 Subject: [PATCH 22/23] Update machinetag.json --- file-type/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file-type/machinetag.json b/file-type/machinetag.json index a6bf779..d41ed5f 100755 --- a/file-type/machinetag.json +++ b/file-type/machinetag.json @@ -659,5 +659,5 @@ ], "version": 1, "description": "List of known file types.", - "namespace": "file" + "namespace": "file-type" } From 116ae36c17663e8cfbb326ddedde1105631a7616 Mon Sep 17 00:00:00 2001 From: raw-data Date: Sun, 30 Sep 2018 16:48:16 +0100 Subject: [PATCH 23/23] [fix] trim space content of value --- file-type/machinetag.json | 856 +++++++++++++++++++------------------- 1 file changed, 428 insertions(+), 428 deletions(-) diff --git a/file-type/machinetag.json b/file-type/machinetag.json index d41ed5f..afd4413 100755 --- a/file-type/machinetag.json +++ b/file-type/machinetag.json 
@@ -3,649 +3,649 @@ { "entry": [ { - "colour": "#00cc7e", + "colour": "#00804f", "expanded": "executable", "value": "peexe" }, { - "colour": "#33ffb1", + "colour": "#00e68e", "expanded": "executable", - "value": " pedll" + "value": "pedll" }, { - "colour": "#66ffc4", + "colour": "#00ff9d", "expanded": "executable", - "value": " neexe" - }, - { - "colour": "#4dffbb", - "expanded": "executable", - "value": " nedll" - }, - { - "colour": "#00804f", - "expanded": "executable", - "value": " mz" - }, - { - "colour": "#00cc7e", - "expanded": "executable", - "value": " msi" - }, - { - "colour": "#33ffb1", - "expanded": "executable", - "value": " com" - }, - { - "colour": "#00804f", - "expanded": "executable", - "value": " coff" - }, - { - "colour": "#ccffeb", - "expanded": "executable", - "value": " elf" - }, - { - "colour": "#99ffd8", - "expanded": "executable", - "value": " krnl" - }, - { - "colour": "#80ffce", - "expanded": "executable", - "value": " rpm" - }, - { - "colour": "#00804f", - "expanded": "executable", - "value": " linux" - }, - { - "colour": "#00804f", - "expanded": "executable", - "value": " macho" - }, - { - "colour": "#00cc7e", - "expanded": "executable", - "value": " elf32" - }, - { - "colour": "#00cc7e", - "expanded": "executable", - "value": " elf64" + "value": "neexe" }, { "colour": "#00e68e", "expanded": "executable", - "value": " elfso" + "value": "nedll" }, { - "colour": "#00804f", + "colour": "#1affa7", "expanded": "executable", - "value": " peexe32" + "value": "mz" }, { - "colour": "#00cc7e", + "colour": "#00b36e", "expanded": "executable", - "value": " peexe64" + "value": "msi" + }, + { + "colour": "#ccffeb", + "expanded": "executable", + "value": "com" + }, + { + "colour": "#66ffc4", + "expanded": "executable", + "value": "coff" + }, + { + "colour": "#1affa7", + "expanded": "executable", + "value": "elf" }, { "colour": "#00663f", "expanded": "executable", - "value": " assembly" + "value": "krnl" }, { - "colour": "#004d2f", + "colour": 
"#ccffeb", + "expanded": "executable", + "value": "rpm" + }, + { + "colour": "#66ffc4", + "expanded": "executable", + "value": "linux" + }, + { + "colour": "#ccffeb", + "expanded": "executable", + "value": "macho" + }, + { + "colour": "#80ffce", + "expanded": "executable", + "value": "elf32" + }, + { + "colour": "#99ffd8", + "expanded": "executable", + "value": "elf64" + }, + { + "colour": "#00b36e", + "expanded": "executable", + "value": "elfso" + }, + { + "colour": "#b3ffe2", + "expanded": "executable", + "value": "peexe32" + }, + { + "colour": "#00995e", + "expanded": "executable", + "value": "peexe64" + }, + { + "colour": "#00995e", + "expanded": "executable", + "value": "assembly" + }, + { + "colour": "#33ffb1", "expanded": "internet", "value": "html" }, + { + "colour": "#00e68e", + "expanded": "internet", + "value": "xml" + }, + { + "colour": "#ccffeb", + "expanded": "internet", + "value": "flash" + }, + { + "colour": "#1affa7", + "expanded": "internet", + "value": "fla" + }, + { + "colour": "#4dffbb", + "expanded": "internet", + "value": "iecookie" + }, { "colour": "#00995e", "expanded": "internet", - "value": " xml" + "value": "bittorrent" }, { - "colour": "#80ffce", + "colour": "#b3ffe2", "expanded": "internet", - "value": " flash" - }, - { - "colour": "#00663f", - "expanded": "internet", - "value": " fla" - }, - { - "colour": "#99ffd8", - "expanded": "internet", - "value": " iecookie" - }, - { - "colour": "#004d2f", - "expanded": "internet", - "value": " bittorrent" - }, - { - "colour": "#00804f", - "expanded": "internet", - "value": " email" - }, - { - "colour": "#99ffd8", - "expanded": "internet", - "value": " outlook" + "value": "email" }, { "colour": "#33ffb1", "expanded": "internet", - "value": " cap" + "value": "outlook" }, { "colour": "#00b36e", + "expanded": "internet", + "value": "cap" + }, + { + "colour": "#1affa7", "expanded": "phone and tablet", "value": "symbian" }, { - "colour": "#00663f", + "colour": "#00ff9d", "expanded": "phone and 
tablet", - "value": " palmos" - }, - { - "colour": "#00cc7e", - "expanded": "phone and tablet", - "value": " wince" - }, - { - "colour": "#99ffd8", - "expanded": "phone and tablet", - "value": " android" - }, - { - "colour": "#b3ffe2", - "expanded": "phone and tablet", - "value": " iphone" - }, - { - "colour": "#00cc7e", - "expanded": "image", - "value": "jpeg" - }, - { - "colour": "#b3ffe2", - "expanded": "image", - "value": " emf" - }, - { - "colour": "#ccffeb", - "expanded": "image", - "value": " tiff" + "value": "palmos" }, { "colour": "#00e68e", - "expanded": "image", - "value": " gif" + "expanded": "phone and tablet", + "value": "wince" + }, + { + "colour": "#4dffbb", + "expanded": "phone and tablet", + "value": "android" + }, + { + "colour": "#00e68e", + "expanded": "phone and tablet", + "value": "iphone" }, { "colour": "#4dffbb", "expanded": "image", - "value": " png" - }, - { - "colour": "#00995e", - "expanded": "image", - "value": " bmp" - }, - { - "colour": "#00b36e", - "expanded": "image", - "value": " gimp" - }, - { - "colour": "#b3ffe2", - "expanded": "image", - "value": " indesign" - }, - { - "colour": "#00ff9d", - "expanded": "image", - "value": " psd" - }, - { - "colour": "#99ffd8", - "expanded": "image", - "value": " targa" - }, - { - "colour": "#33ffb1", - "expanded": "image", - "value": " xws" - }, - { - "colour": "#00e68e", - "expanded": "image", - "value": " dib" - }, - { - "colour": "#80ffce", - "expanded": "image", - "value": " jng" - }, - { - "colour": "#00e68e", - "expanded": "image", - "value": " ico" - }, - { - "colour": "#1affa7", - "expanded": "image", - "value": " fpx" - }, - { - "colour": "#80ffce", - "expanded": "image", - "value": " eps" + "value": "jpeg" }, { "colour": "#66ffc4", "expanded": "image", - "value": " svg" + "value": "emf" + }, + { + "colour": "#33ffb1", + "expanded": "image", + "value": "tiff" + }, + { + "colour": "#4dffbb", + "expanded": "image", + "value": "gif" + }, + { + "colour": "#00995e", + "expanded": "image", 
+ "value": "png" + }, + { + "colour": "#66ffc4", + "expanded": "image", + "value": "bmp" + }, + { + "colour": "#b3ffe2", + "expanded": "image", + "value": "gimp" + }, + { + "colour": "#80ffce", + "expanded": "image", + "value": "indesign" }, { "colour": "#00e68e", + "expanded": "image", + "value": "psd" + }, + { + "colour": "#004d2f", + "expanded": "image", + "value": "targa" + }, + { + "colour": "#00cc7e", + "expanded": "image", + "value": "xws" + }, + { + "colour": "#00cc7e", + "expanded": "image", + "value": "dib" + }, + { + "colour": "#00fa9a", + "expanded": "image", + "value": "jng" + }, + { + "colour": "#00804f", + "expanded": "image", + "value": "ico" + }, + { + "colour": "#33ffb1", + "expanded": "image", + "value": "fpx" + }, + { + "colour": "#b3ffe2", + "expanded": "image", + "value": "eps" + }, + { + "colour": "#00cc7e", + "expanded": "image", + "value": "svg" + }, + { + "colour": "#33ffb1", "expanded": "video and audio", "value": "ogg" }, { "colour": "#80ffce", "expanded": "video and audio", - "value": " flc" + "value": "flc" }, { - "colour": "#ccffeb", + "colour": "#00804f", "expanded": "video and audio", - "value": " fli" + "value": "fli" }, { "colour": "#80ffce", "expanded": "video and audio", - "value": " mp3" + "value": "mp3" }, { - "colour": "#99ffd8", + "colour": "#33ffb1", "expanded": "video and audio", - "value": " flac" + "value": "flac" }, { - "colour": "#00cc7e", + "colour": "#00ff9d", "expanded": "video and audio", - "value": " wav" - }, - { - "colour": "#00cc7e", - "expanded": "video and audio", - "value": " midi" - }, - { - "colour": "#00663f", - "expanded": "video and audio", - "value": " avi" - }, - { - "colour": "#00663f", - "expanded": "video and audio", - "value": " mpeg" - }, - { - "colour": "#80ffce", - "expanded": "video and audio", - "value": " qt" - }, - { - "colour": "#66ffc4", - "expanded": "video and audio", - "value": " asf" - }, - { - "colour": "#00cc7e", - "expanded": "video and audio", - "value": " divx" - }, - { - 
"colour": "#004d2f", - "expanded": "video and audio", - "value": " flv" - }, - { - "colour": "#99ffd8", - "expanded": "video and audio", - "value": " wma" + "value": "wav" }, { "colour": "#4dffbb", "expanded": "video and audio", - "value": " wmv" + "value": "midi" }, { - "colour": "#b3ffe2", + "colour": "#00b36e", "expanded": "video and audio", - "value": " rm" + "value": "avi" }, { - "colour": "#1affa7", + "colour": "#00e68e", "expanded": "video and audio", - "value": " mov" + "value": "mpeg" }, { - "colour": "#66ffc4", + "colour": "#00804f", "expanded": "video and audio", - "value": " mp4" + "value": "qt" }, { "colour": "#00cc7e", "expanded": "video and audio", - "value": " 3gp" + "value": "asf" }, { "colour": "#ccffeb", + "expanded": "video and audio", + "value": "divx" + }, + { + "colour": "#00b36e", + "expanded": "video and audio", + "value": "flv" + }, + { + "colour": "#ccffeb", + "expanded": "video and audio", + "value": "wma" + }, + { + "colour": "#00fa9a", + "expanded": "video and audio", + "value": "wmv" + }, + { + "colour": "#00fa9a", + "expanded": "video and audio", + "value": "rm" + }, + { + "colour": "#b3ffe2", + "expanded": "video and audio", + "value": "mov" + }, + { + "colour": "#00fa9a", + "expanded": "video and audio", + "value": "mp4" + }, + { + "colour": "#99ffd8", + "expanded": "video and audio", + "value": "3gp" + }, + { + "colour": "#004d2f", "expanded": "document", "value": "text" }, + { + "colour": "#00995e", + "expanded": "document", + "value": "pdf" + }, { "colour": "#66ffc4", "expanded": "document", - "value": " pdf" + "value": "ps" + }, + { + "colour": "#33ffb1", + "expanded": "document", + "value": "doc" }, { "colour": "#ccffeb", "expanded": "document", - "value": " ps" + "value": "docx" }, { - "colour": "#66ffc4", + "colour": "#00b36e", "expanded": "document", - "value": " doc" + "value": "rtf" + }, + { + "colour": "#ccffeb", + "expanded": "document", + "value": "ppt" }, { "colour": "#b3ffe2", "expanded": "document", - "value": " 
docx" + "value": "pptx" }, { - "colour": "#b3ffe2", + "colour": "#99ffd8", "expanded": "document", - "value": " rtf" - }, - { - "colour": "#80ffce", - "expanded": "document", - "value": " ppt" - }, - { - "colour": "#1affa7", - "expanded": "document", - "value": " pptx" - }, - { - "colour": "#33ffb1", - "expanded": "document", - "value": " xls" - }, - { - "colour": "#00804f", - "expanded": "document", - "value": " xlsx" + "value": "xls" }, { "colour": "#00663f", "expanded": "document", - "value": " odp" + "value": "xlsx" }, { - "colour": "#00ff9d", + "colour": "#99ffd8", "expanded": "document", - "value": " ods" + "value": "odp" }, { - "colour": "#00663f", + "colour": "#00fa9a", "expanded": "document", - "value": " odt" + "value": "ods" }, { - "colour": "#33ffb1", + "colour": "#00995e", "expanded": "document", - "value": " hwp" + "value": "odt" + }, + { + "colour": "#4dffbb", + "expanded": "document", + "value": "hwp" + }, + { + "colour": "#00995e", + "expanded": "document", + "value": "gul" + }, + { + "colour": "#ccffeb", + "expanded": "document", + "value": "ebook" }, { "colour": "#004d2f", "expanded": "document", - "value": " gul" + "value": "latex" }, { - "colour": "#ccffeb", - "expanded": "document", - "value": " ebook" - }, - { - "colour": "#00b36e", - "expanded": "document", - "value": " latex" - }, - { - "colour": "#00b36e", + "colour": "#00fa9a", "expanded": "bundle", "value": "isoimage" }, - { - "colour": "#33ffb1", - "expanded": "bundle", - "value": " zip" - }, { "colour": "#00b36e", "expanded": "bundle", - "value": " gzip" - }, - { - "colour": "#00663f", - "expanded": "bundle", - "value": " bzip" - }, - { - "colour": "#66ffc4", - "expanded": "bundle", - "value": " rzip" - }, - { - "colour": "#b3ffe2", - "expanded": "bundle", - "value": " dzip" - }, - { - "colour": "#99ffd8", - "expanded": "bundle", - "value": " 7zip" - }, - { - "colour": "#4dffbb", - "expanded": "bundle", - "value": " cab" - }, - { - "colour": "#99ffd8", - "expanded": "bundle", - 
"value": " jar" - }, - { - "colour": "#ccffeb", - "expanded": "bundle", - "value": " rar" + "value": "zip" }, { "colour": "#00fa9a", "expanded": "bundle", - "value": " mscompress" - }, - { - "colour": "#80ffce", - "expanded": "bundle", - "value": " ace" - }, - { - "colour": "#00804f", - "expanded": "bundle", - "value": " arc" - }, - { - "colour": "#ccffeb", - "expanded": "bundle", - "value": " arj" - }, - { - "colour": "#004d2f", - "expanded": "bundle", - "value": " asd" + "value": "gzip" }, { "colour": "#33ffb1", "expanded": "bundle", - "value": " blackhole" + "value": "bzip" }, { - "colour": "#00663f", + "colour": "#00995e", "expanded": "bundle", - "value": " kgb" + "value": "rzip" + }, + { + "colour": "#ccffeb", + "expanded": "bundle", + "value": "dzip" + }, + { + "colour": "#66ffc4", + "expanded": "bundle", + "value": "7zip" + }, + { + "colour": "#00e68e", + "expanded": "bundle", + "value": "cab" + }, + { + "colour": "#4dffbb", + "expanded": "bundle", + "value": "jar" + }, + { + "colour": "#00995e", + "expanded": "bundle", + "value": "rar" + }, + { + "colour": "#99ffd8", + "expanded": "bundle", + "value": "mscompress" + }, + { + "colour": "#00e68e", + "expanded": "bundle", + "value": "ace" + }, + { + "colour": "#00b36e", + "expanded": "bundle", + "value": "arc" + }, + { + "colour": "#004d2f", + "expanded": "bundle", + "value": "arj" + }, + { + "colour": "#00804f", + "expanded": "bundle", + "value": "asd" + }, + { + "colour": "#4dffbb", + "expanded": "bundle", + "value": "blackhole" }, { "colour": "#00cc7e", "expanded": "bundle", - "value": " xz" + "value": "kgb" }, { - "colour": "#66ffc4", + "colour": "#00ff9d", + "expanded": "bundle", + "value": "xz" + }, + { + "colour": "#33ffb1", "expanded": "code", "value": "script" }, + { + "colour": "#00e68e", + "expanded": "code", + "value": "php" + }, { "colour": "#4dffbb", "expanded": "code", - "value": " php" + "value": "python" + }, + { + "colour": "#1affa7", + "expanded": "code", + "value": "perl" + }, + { + 
"colour": "#66ffc4", + "expanded": "code", + "value": "ruby" }, { "colour": "#99ffd8", "expanded": "code", - "value": " python" - }, - { - "colour": "#004d2f", - "expanded": "code", - "value": " perl" - }, - { - "colour": "#00995e", - "expanded": "code", - "value": " ruby" - }, - { - "colour": "#1affa7", - "expanded": "code", - "value": " c" - }, - { - "colour": "#00804f", - "expanded": "code", - "value": " cpp" + "value": "c" }, { "colour": "#4dffbb", "expanded": "code", - "value": " java" + "value": "cpp" }, { - "colour": "#1affa7", + "colour": "#00cc7e", "expanded": "code", - "value": " shell" + "value": "java" }, { - "colour": "#00ff9d", + "colour": "#004d2f", "expanded": "code", - "value": " pascal" + "value": "shell" }, { - "colour": "#00804f", + "colour": "#00663f", "expanded": "code", - "value": " awk" + "value": "pascal" }, { - "colour": "#00804f", + "colour": "#b3ffe2", "expanded": "code", - "value": " dyalog" - }, - { - "colour": "#00fa9a", - "expanded": "code", - "value": " fortran" - }, - { - "colour": "#80ffce", - "expanded": "code", - "value": " java-bytecode" + "value": "awk" }, { "colour": "#33ffb1", + "expanded": "code", + "value": "dyalog" + }, + { + "colour": "#33ffb1", + "expanded": "code", + "value": "fortran" + }, + { + "colour": "#99ffd8", + "expanded": "code", + "value": "java-bytecode" + }, + { + "colour": "#004d2f", "expanded": "apple", "value": "apple" }, { - "colour": "#33ffb1", + "colour": "#4dffbb", "expanded": "apple", - "value": " mac" + "value": "mac" }, { - "colour": "#00804f", + "colour": "#99ffd8", "expanded": "apple", - "value": " applesingle" + "value": "applesingle" }, { - "colour": "#00ff9d", + "colour": "#4dffbb", "expanded": "apple", - "value": " appledouble" - }, - { - "colour": "#00b36e", - "expanded": "apple", - "value": " machfs" - }, - { - "colour": "#00ff9d", - "expanded": "apple", - "value": " appleplist" - }, - { - "colour": "#00b36e", - "expanded": "apple", - "value": " maclib" + "value": "appledouble" }, { 
"colour": "#00663f", + "expanded": "apple", + "value": "machfs" + }, + { + "colour": "#00b36e", + "expanded": "apple", + "value": "appleplist" + }, + { + "colour": "#99ffd8", + "expanded": "apple", + "value": "maclib" + }, + { + "colour": "#00cc7e", "expanded": "miscellaneous", "value": "lnk" }, { "colour": "#1affa7", "expanded": "miscellaneous", - "value": " ttf" + "value": "ttf" }, { - "colour": "#00ff9d", + "colour": "#ccffeb", "expanded": "miscellaneous", - "value": " rom" + "value": "rom" }, { - "colour": "#00e68e", + "colour": "#00663f", "expanded": "miscellaneous", - "value": " data" + "value": "data" } ], "predicate": "type"
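Review bot: The file's `version` stays at 1 even though trimming the leading space changes the tag text of almost every entry (`" pedll"` becomes `"pedll"`). The version line lies outside this hunk and the 428/428 diffstat leaves no room for a bump. If consumers decide on re-import by comparing `version` (not shown here), instances that already loaded the space-prefixed values keep them, and tags carrying the stray space will not match filters or detection rules written against the trimmed names. Bump `version` in file-type/machinetag.json and in its MANIFEST.json entry with this fix. Separately, the `colour` of entries whose value is untouched is rewritten too (`peexe` goes from `#00cc7e` to `#00804f`), which the commit title does not mention; if the file is generated with random colours, pinning them would keep a fix like this reviewable.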