RSIT taxonomie added
parent
3d2b8b1fcf
commit
edaaaa5ccc
|
@ -1,6 +1,12 @@
|
||||||
{
|
{
|
||||||
"DDoS": {
|
"DDoS": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:availability=\"dos\"",
|
||||||
|
"rsit:availability=\"ddos\"",
|
||||||
|
"rsit:availability=\"misconfiguration\"",
|
||||||
|
"rsit:availability=\"sabotage\"",
|
||||||
|
"rsit:availability=\"outage\"",
|
||||||
|
"rsit:vulnerable=\"ddos-amplifier\"",
|
||||||
"ecsirt:availability=\"ddos\"",
|
"ecsirt:availability=\"ddos\"",
|
||||||
"europol-incident:availability=\"dos-ddos\"",
|
"europol-incident:availability=\"dos-ddos\"",
|
||||||
"ms-caro-malware:malware-type=\"DDoS\"",
|
"ms-caro-malware:malware-type=\"DDoS\"",
|
||||||
|
@ -26,6 +32,13 @@
|
||||||
},
|
},
|
||||||
"exploit": {
|
"exploit": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:intrusion-attempts=\"ids-alert\"",
|
||||||
|
"rsit:intrusion-attempts=\"exploit\"",
|
||||||
|
"rsit:intrusions=\"application-compromise\"",
|
||||||
|
"rsit:intrusions=\"burglary\"",
|
||||||
|
"rsit:vulnerable=\"weak-crypto\"",
|
||||||
|
"rsit:vulnerable=\"information-disclosure\"",
|
||||||
|
"rsit:vulnerable=\"vulnerable-system\"",
|
||||||
"veris:action:malware:variety=\"Exploit vuln\"",
|
"veris:action:malware:variety=\"Exploit vuln\"",
|
||||||
"ecsirt:intrusion-attempts=\"exploit\"",
|
"ecsirt:intrusion-attempts=\"exploit\"",
|
||||||
"europol-event:exploit",
|
"europol-event:exploit",
|
||||||
|
@ -35,12 +48,19 @@
|
||||||
},
|
},
|
||||||
"malware": {
|
"malware": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:malicious-code=\"infected-system\"",
|
||||||
|
"rsit:malicious-code=\"malware-distribution\"",
|
||||||
|
"rsit:malicious-code=\"malware-configuration\"",
|
||||||
"ecsirt:malicious-code=\"malware\"",
|
"ecsirt:malicious-code=\"malware\"",
|
||||||
"circl:incident-classification=\"malware\""
|
"circl:incident-classification=\"malware\""
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"Remote Access Tool": {
|
"Remote Access Tool": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:information-content-security=\"unauthorised-information-access\"",
|
||||||
|
"rsit:information-content-security=\"unauthorised-information-modification\"",
|
||||||
|
"rsit:information-content-security=\"data-loss\"",
|
||||||
|
"rsit:vulnerable=\"potentially-unwanted-accessible\"",
|
||||||
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
|
||||||
"ms-caro-malware:malware-type=\"RemoteAccess\""
|
"ms-caro-malware:malware-type=\"RemoteAccess\""
|
||||||
]
|
]
|
||||||
|
@ -57,6 +77,7 @@
|
||||||
},
|
},
|
||||||
"spam": {
|
"spam": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:abusive-content=\"spam\"",
|
||||||
"circl:incident-classification=\"spam\"",
|
"circl:incident-classification=\"spam\"",
|
||||||
"ecsirt:abusive-content=\"spam\"",
|
"ecsirt:abusive-content=\"spam\"",
|
||||||
"enisa:nefarious-activity-abuse=\"spam\"",
|
"enisa:nefarious-activity-abuse=\"spam\"",
|
||||||
|
@ -68,6 +89,7 @@
|
||||||
},
|
},
|
||||||
"scan": {
|
"scan": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:information-gathering=\"scanner\"",
|
||||||
"circl:incident-classification=\"scan\"",
|
"circl:incident-classification=\"scan\"",
|
||||||
"ecsirt:information-gathering=\"scanner\"",
|
"ecsirt:information-gathering=\"scanner\"",
|
||||||
"europol-incident:information-gathering=\"scanning\""
|
"europol-incident:information-gathering=\"scanning\""
|
||||||
|
@ -75,6 +97,7 @@
|
||||||
},
|
},
|
||||||
"scan network": {
|
"scan network": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:information-gathering=\"sniffing\"",
|
||||||
"veris:action:malware:variety=\"Scan network\"",
|
"veris:action:malware:variety=\"Scan network\"",
|
||||||
"europol-event:network-scanning"
|
"europol-event:network-scanning"
|
||||||
]
|
]
|
||||||
|
@ -87,6 +110,8 @@
|
||||||
},
|
},
|
||||||
"phishing": {
|
"phishing": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:fraud=\"phishing\"",
|
||||||
|
"rsit:information-gathering=\"social-engineering\"",
|
||||||
"circl:incident-classification=\"phishing\"",
|
"circl:incident-classification=\"phishing\"",
|
||||||
"ecsirt:fraud=\"phishing\"",
|
"ecsirt:fraud=\"phishing\"",
|
||||||
"veris:action:social:variety=\"Phishing\"",
|
"veris:action:social:variety=\"Phishing\"",
|
||||||
|
@ -96,6 +121,7 @@
|
||||||
},
|
},
|
||||||
"brute force": {
|
"brute force": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:intrusion-attempts=\"brute-force\"",
|
||||||
"ecsirt:intrusion-attempts=\"brute-force\"",
|
"ecsirt:intrusion-attempts=\"brute-force\"",
|
||||||
"veris:action:malware:variety=\"Brute force\"",
|
"veris:action:malware:variety=\"Brute force\"",
|
||||||
"europol-event:brute-force-attempt",
|
"europol-event:brute-force-attempt",
|
||||||
|
@ -104,6 +130,8 @@
|
||||||
},
|
},
|
||||||
"backdoor": {
|
"backdoor": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:intrusions=\"privileged-account-compromise\"",
|
||||||
|
"rsit:intrusions=\"unprivileged-account-compromise\"",
|
||||||
"ecsirt:intrusions=\"backdoor\"",
|
"ecsirt:intrusions=\"backdoor\"",
|
||||||
"veris:action:malware:variety=\"Backdoor\"",
|
"veris:action:malware:variety=\"Backdoor\"",
|
||||||
"ms-caro-malware:malware-type=\"Backdoor\""
|
"ms-caro-malware:malware-type=\"Backdoor\""
|
||||||
|
@ -111,6 +139,7 @@
|
||||||
},
|
},
|
||||||
"c&c": {
|
"c&c": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:malicious-code=\"c2-server\"",
|
||||||
"ecsirt:malicious-code=\"c&c\"",
|
"ecsirt:malicious-code=\"c&c\"",
|
||||||
"europol-incident:malware=\"c&c\"",
|
"europol-incident:malware=\"c&c\"",
|
||||||
"europol-event:c&c-server-hosting",
|
"europol-event:c&c-server-hosting",
|
||||||
|
@ -127,6 +156,7 @@
|
||||||
},
|
},
|
||||||
"Adware": {
|
"Adware": {
|
||||||
"values": [
|
"values": [
|
||||||
|
"rsit:fraud=\"unauthorized-use-of-resources\"",
|
||||||
"veris:action:malware:variety=\"Adware\"",
|
"veris:action:malware:variety=\"Adware\"",
|
||||||
"malware_classification:malware-category=\"Adware\"",
|
"malware_classification:malware-category=\"Adware\"",
|
||||||
"ms-caro-malware:malware-type=\"Adware\""
|
"ms-caro-malware:malware-type=\"Adware\""
|
||||||
|
@ -168,6 +198,24 @@
|
||||||
"ecsirt:malicious-code=\"worm\""
|
"ecsirt:malicious-code=\"worm\""
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"Content": {
|
||||||
|
"values": [
|
||||||
|
"rsit:abusive-content=\"harmful-speech\"",
|
||||||
|
"rsit:abusive-content=\"violence\"",
|
||||||
|
"rsit:fraud=\"copyright\"",
|
||||||
|
"rsit:fraud=\"masquerade\""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"other": {
|
||||||
|
"values": [
|
||||||
|
"rsit:other=\"other\""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"test": {
|
||||||
|
"values": [
|
||||||
|
"rsit:test=\"test\""
|
||||||
|
]
|
||||||
|
},
|
||||||
"tlp-white": {
|
"tlp-white": {
|
||||||
"values": [
|
"values": [
|
||||||
"tlp:white",
|
"tlp:white",
|
||||||
|
|
Loading…
Reference in New Issue