RSIT taxonomie added

pull/143/head
Michael Hamm 2019-05-14 13:32:40 +02:00
parent 3d2b8b1fcf
commit edaaaa5ccc
1 changed files with 48 additions and 0 deletions

View File

@ -1,6 +1,12 @@
{ {
"DDoS": { "DDoS": {
"values": [ "values": [
"rsit:availability=\"dos\"",
"rsit:availability=\"ddos\"",
"rsit:availability=\"misconfiguration\"",
"rsit:availability=\"sabotage\"",
"rsit:availability=\"outage\"",
"rsit:vulnerable=\"ddos-amplifier\"",
"ecsirt:availability=\"ddos\"", "ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"", "europol-incident:availability=\"dos-ddos\"",
"ms-caro-malware:malware-type=\"DDoS\"", "ms-caro-malware:malware-type=\"DDoS\"",
@ -26,6 +32,13 @@
}, },
"exploit": { "exploit": {
"values": [ "values": [
"rsit:intrusion-attempts=\"ids-alert\"",
"rsit:intrusion-attempts=\"exploit\"",
"rsit:intrusions=\"application-compromise\"",
"rsit:intrusions=\"burglary\"",
"rsit:vulnerable=\"weak-crypto\"",
"rsit:vulnerable=\"information-disclosure\"",
"rsit:vulnerable=\"vulnerable-system\"",
"veris:action:malware:variety=\"Exploit vuln\"", "veris:action:malware:variety=\"Exploit vuln\"",
"ecsirt:intrusion-attempts=\"exploit\"", "ecsirt:intrusion-attempts=\"exploit\"",
"europol-event:exploit", "europol-event:exploit",
@ -35,12 +48,19 @@
}, },
"malware": { "malware": {
"values": [ "values": [
"rsit:malicious-code=\"infected-system\"",
"rsit:malicious-code=\"malware-distribution\"",
"rsit:malicious-code=\"malware-configuration\"",
"ecsirt:malicious-code=\"malware\"", "ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\"" "circl:incident-classification=\"malware\""
] ]
}, },
"Remote Access Tool": { "Remote Access Tool": {
"values": [ "values": [
"rsit:information-content-security=\"unauthorised-information-access\"",
"rsit:information-content-security=\"unauthorised-information-modification\"",
"rsit:information-content-security=\"data-loss\"",
"rsit:vulnerable=\"potentially-unwanted-accessible\"",
"enisa:nefarious-activity-abuse=\"remote-access-tool\"", "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
"ms-caro-malware:malware-type=\"RemoteAccess\"" "ms-caro-malware:malware-type=\"RemoteAccess\""
] ]
@ -57,6 +77,7 @@
}, },
"spam": { "spam": {
"values": [ "values": [
"rsit:abusive-content=\"spam\"",
"circl:incident-classification=\"spam\"", "circl:incident-classification=\"spam\"",
"ecsirt:abusive-content=\"spam\"", "ecsirt:abusive-content=\"spam\"",
"enisa:nefarious-activity-abuse=\"spam\"", "enisa:nefarious-activity-abuse=\"spam\"",
@ -68,6 +89,7 @@
}, },
"scan": { "scan": {
"values": [ "values": [
"rsit:information-gathering=\"scanner\"",
"circl:incident-classification=\"scan\"", "circl:incident-classification=\"scan\"",
"ecsirt:information-gathering=\"scanner\"", "ecsirt:information-gathering=\"scanner\"",
"europol-incident:information-gathering=\"scanning\"" "europol-incident:information-gathering=\"scanning\""
@ -75,6 +97,7 @@
}, },
"scan network": { "scan network": {
"values": [ "values": [
"rsit:information-gathering=\"sniffing\"",
"veris:action:malware:variety=\"Scan network\"", "veris:action:malware:variety=\"Scan network\"",
"europol-event:network-scanning" "europol-event:network-scanning"
] ]
@ -87,6 +110,8 @@
}, },
"phishing": { "phishing": {
"values": [ "values": [
"rsit:fraud=\"phishing\"",
"rsit:information-gathering=\"social-engineering\"",
"circl:incident-classification=\"phishing\"", "circl:incident-classification=\"phishing\"",
"ecsirt:fraud=\"phishing\"", "ecsirt:fraud=\"phishing\"",
"veris:action:social:variety=\"Phishing\"", "veris:action:social:variety=\"Phishing\"",
@ -96,6 +121,7 @@
}, },
"brute force": { "brute force": {
"values": [ "values": [
"rsit:intrusion-attempts=\"brute-force\"",
"ecsirt:intrusion-attempts=\"brute-force\"", "ecsirt:intrusion-attempts=\"brute-force\"",
"veris:action:malware:variety=\"Brute force\"", "veris:action:malware:variety=\"Brute force\"",
"europol-event:brute-force-attempt", "europol-event:brute-force-attempt",
@ -104,6 +130,8 @@
}, },
"backdoor": { "backdoor": {
"values": [ "values": [
"rsit:intrusions=\"privileged-account-compromise\"",
"rsit:intrusions=\"unprivileged-account-compromise\"",
"ecsirt:intrusions=\"backdoor\"", "ecsirt:intrusions=\"backdoor\"",
"veris:action:malware:variety=\"Backdoor\"", "veris:action:malware:variety=\"Backdoor\"",
"ms-caro-malware:malware-type=\"Backdoor\"" "ms-caro-malware:malware-type=\"Backdoor\""
@ -111,6 +139,7 @@
}, },
"c&c": { "c&c": {
"values": [ "values": [
"rsit:malicious-code=\"c2-server\"",
"ecsirt:malicious-code=\"c&c\"", "ecsirt:malicious-code=\"c&c\"",
"europol-incident:malware=\"c&c\"", "europol-incident:malware=\"c&c\"",
"europol-event:c&c-server-hosting", "europol-event:c&c-server-hosting",
@ -127,6 +156,7 @@
}, },
"Adware": { "Adware": {
"values": [ "values": [
"rsit:fraud=\"unauthorized-use-of-resources\"",
"veris:action:malware:variety=\"Adware\"", "veris:action:malware:variety=\"Adware\"",
"malware_classification:malware-category=\"Adware\"", "malware_classification:malware-category=\"Adware\"",
"ms-caro-malware:malware-type=\"Adware\"" "ms-caro-malware:malware-type=\"Adware\""
@ -168,6 +198,24 @@
"ecsirt:malicious-code=\"worm\"" "ecsirt:malicious-code=\"worm\""
] ]
}, },
"Content": {
"values": [
"rsit:abusive-content=\"harmful-speech\"",
"rsit:abusive-content=\"violence\"",
"rsit:fraud=\"copyright\"",
"rsit:fraud=\"masquerade\""
]
},
"other": {
"values": [
"rsit:other=\"other\""
]
},
"test": {
"values": [
"rsit:test=\"test\""
]
},
"tlp-white": { "tlp-white": {
"values": [ "values": [
"tlp:white", "tlp:white",