From 7258275fc0eaca278c8c111893754840c52d3845 Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Fri, 11 Feb 2022 07:40:34 +0100 Subject: [PATCH 1/7] Initial commit, adding first two roles. --- ransomware-roles/machinetag.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 ransomware-roles/machinetag.json diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json new file mode 100644 index 0000000..fece729 --- /dev/null +++ b/ransomware-roles/machinetag.json @@ -0,0 +1,21 @@ +{ + "namespace": "ransomware-roles", + "expanded": "Ransomware Actor Roles", + "description": "The seven roles seen in most ransomware incidents.", + "refs": [ + "[TODO NIEUWSUUR]" + ], + "version": 1, + "predicates": [ + { + "value": "1 - Initial Access Brokers", + "expanded": "1 - Initial Access Brokers", + "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor." + }, + { + "value": "2 - Ransomware Affiliates", + "expanded": "2 - Ransomware Affiliates", + "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed." + } + ] +} From aaf3a6e36bff997f6347d77c32a4ddd00a8e5fac Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Wed, 16 Feb 2022 12:57:04 +0100 Subject: [PATCH 2/7] Initial commit of seven ransomware roles --- ransomware-roles/machinetag.json | 35 +++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json index fece729..c0b0b01 100644 --- a/ransomware-roles/machinetag.json +++ b/ransomware-roles/machinetag.json @@ -8,14 +8,39 @@ "version": 1, "predicates": [ { - "value": "1 - Initial Access Brokers", - "expanded": "1 - Initial Access Brokers", + "value": "1 - Initial Access Broker", + "expanded": "1 - Initial Access Broker", "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor." }, { - "value": "2 - Ransomware Affiliates", - "expanded": "2 - Ransomware Affiliates", - "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed." + "value": "2 - Ransomware Affiliate", + "expanded": "2 - Ransomware Affiliate", + "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed. Ransomware Affiliates can make use of different ransomware families in different attacks." + }, + { + "value": "3 - Data Manager", + "expanded": "3 - Data Manager", + "description": "Data managers handle the excfiltration of data, and after that, the exfiltrated data itself." + }, + { + "value": "4 - Ransomware Operator", + "expanded": "4 - Ransomware Operator", + "description": "Ransomware Operators facilitate the ransomware business model by providing ransomware and hosting the infrastructure needed to run it." + }, + { + "value": "5 - Negotiator", + "expanded": "5 - Negotiator", + "description": "Negotiations are often performed by a separate actor." + }, + { + "value": "6 - Chaser", + "expanded": "6 - Chaser", + "description": "Chasers put pressure on victims by emailing and calling key employees, to threaten them with continued attacks or publication of confidential data if the ransom is not payed." + }, + { + "value": "7 - Accountant", + "expanded": "7 - Accountant", + "description": "Accountants launder the ransom." } ] } From 6e2195e5247ee329f582c715125b453eb31bf39c Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Wed, 16 Feb 2022 13:09:51 +0100 Subject: [PATCH 3/7] Improved descriptions --- ransomware-roles/machinetag.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json index c0b0b01..b3d6a89 100644 --- a/ransomware-roles/machinetag.json +++ b/ransomware-roles/machinetag.json @@ -15,12 +15,12 @@ { "value": "2 - Ransomware Affiliate", "expanded": "2 - Ransomware Affiliate", - "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed. Ransomware Affiliates can make use of different ransomware families in different attacks." + "description": "Ransomware affiliates are responsible for obtaining control of a victim's network and monetizing it. They perform reconnaissance of the network as well as privilege escalation, and are responsible for destroying any backup options and deployment of ransomware. Ransomware Affiliates can make use of different ransomware families in different attacks." }, { "value": "3 - Data Manager", "expanded": "3 - Data Manager", - "description": "Data managers handle the excfiltration of data, and after that, the exfiltrated data itself." + "description": "Data managers are responsible for exfiltrating data as well as managing and leaking that exfiltrated data when necessary." }, { "value": "4 - Ransomware Operator", @@ -30,12 +30,12 @@ { "value": "5 - Negotiator", "expanded": "5 - Negotiator", - "description": "Negotiations are often performed by a separate actor." + "description": "Negotiators are responsible for interacting with the victim and coming to an agreement with the victim regarding the ransom payment." }, { "value": "6 - Chaser", "expanded": "6 - Chaser", - "description": "Chasers put pressure on victims by emailing and calling key employees, to threaten them with continued attacks or publication of confidential data if the ransom is not payed." + "description": "Chasers put pressure on the victim by emailing and calling key employee. Chasers threaten these employees with continued attacks or publication of confidential data if the ransom is not payed." }, { "value": "7 - Accountant", From f188f54878c7b9a5cab5853b241f463b97f10a6a Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Tue, 22 Feb 2022 15:35:01 +0100 Subject: [PATCH 4/7] validated and jq'ed --- .DS_Store | Bin 0 -> 34820 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..58321e02fb2b9c6f488d5cb62c080fd464644c2d GIT binary patch literal 34820 zcmeHQ4Uk>sSw6daH~X6(Ha|@uAvchw1ZP7?uv1KJmNbb}6I{S%C=!!Rb~jnF*}Ki= zSL}30=}Z|3Fu{QiR*R(;lz&@lTd{Yaq&Kq7`HA*UUa2-d#Z zIWt1ghB#IN;}{SOL5|wQ9AelV91C`t-+S>ZLn+B?4=f~qp&t$c@wl|Meboo8wXk@M zBc8Ef5VHFb*Y5qLjb+~~+j_5+Md?CG2|aVvSUVVuYcHS_1?!gJPg^jK*g_7_kTD+m z%;#*32`QH*m8EDA78;+12O1vu|LXy?-Tbt7h4;qah6frRXn3IP0oD&iT)g*1_sQ^X zst){N7n0%ZLYfc0vj@Z9iqX9rcfQf7bCg8=sp?VL-nA^ zSVlaN<)&za(qydT_o5LGn)E!?z)fVmJ=ki(iKD z`$7DVqa%)Oj*jk;Bewa^Ri`b-Ft0xt%!kjzg z0LGUX@oBa_pG=dL+%Kic@OR`l}h1Adv~x`qh5PIP*;$YnCCv$X)#xn zc4NzIX^pp^ex9Z9PMBO)!rwvUt_h8L?%^zXiT%doJr;Ya4e9f|I+{n3JX*kGG@d(V zt#=_3+vnCVx7Z>*i6R-Q?U~lB74}N_HyZO&+n;_GHbtnkd*9YeOFec*rmQb*`z4h9 z_C6Red@bO93z2reIlfZzg`TvT3|02R#-EH1p!{LhL)+{)0h=OJ+CBcetE^om z;qt6s!ehSx`^Px@qOG@o0@ll6()RZsU2AQNaA(;U?y=hg&YX$jJX=@`@58rI{Nv2m z-f*T$W9oPWm~!b!yx08TJr-|HUB{(bT@TL%CT%$%$oV|ZuW_Dl9REham%r^YyhoT0 zns4U-_*SJadB42%eU^8XaX9|9#^LcptC^8J0Is_BYkuuzlg~L{X+kB3$FAFKIS74O z#{3e>e)B09KuJ1`*-FlU#=P8ikq(vi|M9nfMcR+_rG3AIvLBZ7^I*RerS~DEJ!fLs z=U|J#mbe!=f-Uhbl_SCs-~6)nV$gm*Sk&Ey^u+_;?6-S&X{>VM=496B_UD*Thg{%5}$xc#evv$$9JrwLx)`OOnNePKz z^V0Qpd=raDBB?B;@Pz%5ndoQi#y|Eg*!$RzZ=44y1%nz}>(juNA}w*g@9{3XGM=j8 zTE%=C9{e2&|5&o+o;?EG9w~|U(7HJmuUFFHOqcZF>o)kJ-2?D1XPx%J$79;NEq?)& z6=fyXHy@s7v8Kp7#ChaBxMu_Bpjp>vUwPDw4ttS9I8wo!kw)Kh9OyGNB!?fIT4*_B zYB?tPwKSh1z?mE{7>zw9zyUicG>2I%drbY9l*E1R{3RB*SJGikm(=*od`A~7V@za9 zAklFYjNKU;W81aBSV2Va=BI;Ozn4Fal5mnS9)B<}sKvP{NF_IL1ZJ&>kspFHS{S$@${t zt1Rafd6(vS{TxDJ9U0=AiJ5Iap!TWrjd1n)d>FiCGuH7@NZlPc%Fiw@19AA9bHp?+X$Fa(*!nIvf`q|21OsPHA@;IzUA=2jA-`izv zmP4JzWT?m9OxSZJk-hyP(;H6o@mn}TNs*Sg9$vA>;!4$USo3Lk@Gk&ov0-(J*mo^7w@witBk|3t~Czrhaza0UfnVH0(~3Ja`rwQDmmQynUdwe zUR|Uw`x$--ZQtZurt>jVvzrqG$VcpHnUfV7PxDFONs*TLE`D~x;!D+V9?hrW!QYPY zUpPAN#d^_DeE#mDaFr+~Be6cQ@TkR_h)a4jO-|$LgQIZvgf`h1>xGA-5f}U#JH4WP zJY!*gP03-$cYe!q$Z1zHt6p34HTkF;d|C5yC(VS}CBR&im@nzN3k)mDN=}16nzWo! zkZbnl5p1j654(d1~9Ki`5>}XYT{cSYz#JI z6ut!|Xczo62#nl)QYzO~;R<}%%VsG1Xk#c}tiSe~vX^Al)Wf!;ZgERrJh%L9JL<1v z{4QmuBYx%grXpN}5y>FD%vn#)HjE&5usk!Tu=kI#jjplUUdW>({j_1l37cm!ZOI%| zjh^CVS5=rt*sI_unRABx#xf9_P3ib$Fq&!dn^#(LxpnJpmP@LJOT~N|9{epR4_kvR z+WSBE0I)_O64zx{wOCx`P=_HIs_mKb*9H%87Z`Wl;uNH|yW&;YjY&xRm)>@VwV#l3 zI4Vnd@URWwd`5UqlH;&l;r=a+tm}(FR#8@Be0%SwEXEXhhc=JA#%` z>2X`nN1+niz$k*54E_jD0iEW!3&d;*P z%d^bU8Ect$g*K7%a~ZC)5Yr)3FNghku6mbD`xBmN<~}^E&zt#Pj+er<(Ac_88)p(~ zj7c&a_|TUv!#9T&#mD%-F2> z36P{nOKd}3e`T?yYB;p{G&Fuw!_7(HXMdZ$ME0T*^G*voz#>yeayh;J8OtSyo?}#v zp5|2qM1zra7T1$lZZg))XYjNU@uliWUO)Q8bCOqvp5s-Gp5|rhhj|KP?m38-W8jxt zSMvPi=U=cqtI&6RYti@cZU^t9xVTcv_BggCc=pBMmynS>zW45busl3+4sV*A##Mw# ztP2nq*DS+RY#f7>bCIr#I{!9HUgBLm_>#q&YD2ccd37`oldp;xW3v}Nik2nZCvQhm z>{W6Fl05;A)%icpaqvVN+jO>6i5a1VJkK)aIHf=K-t}$kk2=Kb(z~AVYQGlY0^|?+ z6{o9=&)7z=R~tPsM(2+iJb#iZFa7bgn_sd1$k1_I^Xh0GCVzC8IZmcI*9JW&m@a+| z=si*r^DEzd&0_XSI;8268ebm_qo>UC1njjkkM^28%-*EQoA^KTYNFO?`}zEulE?42 zzHWKsv@1(#_1c=RNskur9S??e4w}Q~B}E|;Z)f|zTfF5^=j&vswpT=?K_~1TfFD(h zqpi1c?b|CSv3&coH!YS5vJP36tj1~lQo!hB5T1#hDD3P7wsM%nvwiHx7LN#b7<}O# zyJwi)DqI&B3w{%S?H;wmQE5lc)ZY5+SAi&pmc+XG`JY;>xilS%>NGXKhX542OL&6Y z@e6xaVNI6cc0E@}Gc+Wx4-PilXHI2mIZpYtG@o0@C+ql4u$Zfq+#%f1)20!N1>NXGVV zwf0mWgXDJU*XLPoRpOBOt@c>7KTNvK0$>)(jdt>Q2(w+%*tdpVI-fG(G0za-4u0i^QvlrwW%b!cWQCU*rdG8liSUeTtmHx<< z)_9A=J4@i@7-blj-Ln=O4;DB}oGLG|Z+i87i#_p zjG)%y392TAJdzUoqfcL8u~&#!`aN4(!50Cw#w;W?6a_d}O|Hr>AL;r{Q_vIt`0l-IxX|GTp>e$8(R_rM_qU z&ymtJp!TG|Tv4Lb?nl&QEEWEf_D=v`PEE=5^H+b!=J4FwE~i$nt@)asDMy$%wWD)M z^DOX*LL}avq3srLIn?1vhE}u}+f#Jz-<9pDC&;fkIiT$!)Y(ghYI~+cb((Y8sZS^C zd;`|Ka+3R*|2$-|RFHMZvSc+*lMeIEsu*W@I3nV?#qdo4;h9|abt>(!dm<=8%Sm<+vmuDd-2@!=Gdc+%_c2fT3amAANQR2vrJ|loMW!=oi(f{W4qPo?gsLj|%i@)F?=r!U-NcP8wz)?u5)HoW4g=jALl zDbf<#wi6$>*itnd+I$)szv(B<2LA9=2O02`mTHA`dFbO>S%!w>ar+e~ERRer$0fg( z=40B^dFgz>k1YoJg^F48{3BqNTUT;i`Jcxv$13z4+gkJ$@8%+)n>>C5J;>N|%2u3^ zVG{Qr{LyU|H}k*Im9>^HT-gmw{wbKekM(Zl&!E8l*5xp1cjlMwaCTX4peybA!nIw~ zezm|Z>Pc<&JO)J}(&pPQ{Gqj34s|Jz4Au7f5GmGCxIdS(BReXW@!rLiB_*CUy?0qW z72=g1$(Gi5O}exKFIP(w`)|*<5g0|N#IUUaK7?OX!}JNz^X>|U92sPjZJ)MKyP zc!4{I!%-dgh4AdJu6=?T%YdMwti*KZZ4cTMN|ARc^T>N}$KKnf{q?hW|C@X7ULRaz zaufHB@&vJ`pLQ<&$Mjb+(r>@F@{87Q9y#Z)G&$`jQ_6Z^lWTk7E+&rG!kKT@6dbqn z3|H)o+^Qj9&7~*t5B~9^7Jp7%$EjLf56@ZP8J_-k>w;X-oeppR)LK=s7Oc=xJWY{~ch!xm2^tfKroK@t?sK)FUOa z|MAhkhK^&BS4Z-Ow{j=RG2MT(aR`^6-F;OOL!d9v+J;qz9i9%X7@PlSjU9{ZnNe&L_3Tq5aSY8o@HK<+JMe#E0;tC36e&%n)m) za_(Wh%ls3**EwYsrsJ{t#43IE<)`1UKC1&>S@P-|v-Yp4XXcg59qW9y^%EwavBxzc z)-hr`MCXTR3vHRr(3QSg*ZLpUSGjFVkJO^Cd9P-^nr(RVbOWEiy%()_$}Cz(_zZ5c zt*9Y678d-M<(OedGRv=}`4q_~@fL911L=CoCnGUm{?Y%om=keHlu|A>{_iA^AeiL) ze{n8oPB-4?*?|Qi+*jl3!_|*#C$4c^jZeb^4G;Vu^gvT#;M1& literal 0 HcmV?d00001 From 406c601319a5389b39496a121422773e15e2ff59 Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Tue, 22 Feb 2022 15:38:07 +0100 Subject: [PATCH 5/7] Fixed reference, validated and jq'ed again --- ransomware-roles/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json index b3d6a89..edec216 100644 --- a/ransomware-roles/machinetag.json +++ b/ransomware-roles/machinetag.json @@ -3,7 +3,7 @@ "expanded": "Ransomware Actor Roles", "description": "The seven roles seen in most ransomware incidents.", "refs": [ - "[TODO NIEUWSUUR]" + "https://www.northwave-security.com/" ], "version": 1, "predicates": [ From 044b83ab9b1120f4e47e8e75bc70ad403ebd09be Mon Sep 17 00:00:00 2001 From: Matthijs van P Date: Tue, 22 Feb 2022 16:22:17 +0100 Subject: [PATCH 6/7] Delete accidentally added DS_Store file --- .DS_Store | Bin 34820 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 58321e02fb2b9c6f488d5cb62c080fd464644c2d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34820 zcmeHQ4Uk>sSw6daH~X6(Ha|@uAvchw1ZP7?uv1KJmNbb}6I{S%C=!!Rb~jnF*}Ki= zSL}30=}Z|3Fu{QiR*R(;lz&@lTd{Yaq&Kq7`HA*UUa2-d#Z zIWt1ghB#IN;}{SOL5|wQ9AelV91C`t-+S>ZLn+B?4=f~qp&t$c@wl|Meboo8wXk@M zBc8Ef5VHFb*Y5qLjb+~~+j_5+Md?CG2|aVvSUVVuYcHS_1?!gJPg^jK*g_7_kTD+m z%;#*32`QH*m8EDA78;+12O1vu|LXy?-Tbt7h4;qah6frRXn3IP0oD&iT)g*1_sQ^X zst){N7n0%ZLYfc0vj@Z9iqX9rcfQf7bCg8=sp?VL-nA^ zSVlaN<)&za(qydT_o5LGn)E!?z)fVmJ=ki(iKD z`$7DVqa%)Oj*jk;Bewa^Ri`b-Ft0xt%!kjzg z0LGUX@oBa_pG=dL+%Kic@OR`l}h1Adv~x`qh5PIP*;$YnCCv$X)#xn zc4NzIX^pp^ex9Z9PMBO)!rwvUt_h8L?%^zXiT%doJr;Ya4e9f|I+{n3JX*kGG@d(V zt#=_3+vnCVx7Z>*i6R-Q?U~lB74}N_HyZO&+n;_GHbtnkd*9YeOFec*rmQb*`z4h9 z_C6Red@bO93z2reIlfZzg`TvT3|02R#-EH1p!{LhL)+{)0h=OJ+CBcetE^om z;qt6s!ehSx`^Px@qOG@o0@ll6()RZsU2AQNaA(;U?y=hg&YX$jJX=@`@58rI{Nv2m z-f*T$W9oPWm~!b!yx08TJr-|HUB{(bT@TL%CT%$%$oV|ZuW_Dl9REham%r^YyhoT0 zns4U-_*SJadB42%eU^8XaX9|9#^LcptC^8J0Is_BYkuuzlg~L{X+kB3$FAFKIS74O z#{3e>e)B09KuJ1`*-FlU#=P8ikq(vi|M9nfMcR+_rG3AIvLBZ7^I*RerS~DEJ!fLs z=U|J#mbe!=f-Uhbl_SCs-~6)nV$gm*Sk&Ey^u+_;?6-S&X{>VM=496B_UD*Thg{%5}$xc#evv$$9JrwLx)`OOnNePKz z^V0Qpd=raDBB?B;@Pz%5ndoQi#y|Eg*!$RzZ=44y1%nz}>(juNA}w*g@9{3XGM=j8 zTE%=C9{e2&|5&o+o;?EG9w~|U(7HJmuUFFHOqcZF>o)kJ-2?D1XPx%J$79;NEq?)& z6=fyXHy@s7v8Kp7#ChaBxMu_Bpjp>vUwPDw4ttS9I8wo!kw)Kh9OyGNB!?fIT4*_B zYB?tPwKSh1z?mE{7>zw9zyUicG>2I%drbY9l*E1R{3RB*SJGikm(=*od`A~7V@za9 zAklFYjNKU;W81aBSV2Va=BI;Ozn4Fal5mnS9)B<}sKvP{NF_IL1ZJ&>kspFHS{S$@${t zt1Rafd6(vS{TxDJ9U0=AiJ5Iap!TWrjd1n)d>FiCGuH7@NZlPc%Fiw@19AA9bHp?+X$Fa(*!nIvf`q|21OsPHA@;IzUA=2jA-`izv zmP4JzWT?m9OxSZJk-hyP(;H6o@mn}TNs*Sg9$vA>;!4$USo3Lk@Gk&ov0-(J*mo^7w@witBk|3t~Czrhaza0UfnVH0(~3Ja`rwQDmmQynUdwe zUR|Uw`x$--ZQtZurt>jVvzrqG$VcpHnUfV7PxDFONs*TLE`D~x;!D+V9?hrW!QYPY zUpPAN#d^_DeE#mDaFr+~Be6cQ@TkR_h)a4jO-|$LgQIZvgf`h1>xGA-5f}U#JH4WP zJY!*gP03-$cYe!q$Z1zHt6p34HTkF;d|C5yC(VS}CBR&im@nzN3k)mDN=}16nzWo! zkZbnl5p1j654(d1~9Ki`5>}XYT{cSYz#JI z6ut!|Xczo62#nl)QYzO~;R<}%%VsG1Xk#c}tiSe~vX^Al)Wf!;ZgERrJh%L9JL<1v z{4QmuBYx%grXpN}5y>FD%vn#)HjE&5usk!Tu=kI#jjplUUdW>({j_1l37cm!ZOI%| zjh^CVS5=rt*sI_unRABx#xf9_P3ib$Fq&!dn^#(LxpnJpmP@LJOT~N|9{epR4_kvR z+WSBE0I)_O64zx{wOCx`P=_HIs_mKb*9H%87Z`Wl;uNH|yW&;YjY&xRm)>@VwV#l3 zI4Vnd@URWwd`5UqlH;&l;r=a+tm}(FR#8@Be0%SwEXEXhhc=JA#%` z>2X`nN1+niz$k*54E_jD0iEW!3&d;*P z%d^bU8Ect$g*K7%a~ZC)5Yr)3FNghku6mbD`xBmN<~}^E&zt#Pj+er<(Ac_88)p(~ zj7c&a_|TUv!#9T&#mD%-F2> z36P{nOKd}3e`T?yYB;p{G&Fuw!_7(HXMdZ$ME0T*^G*voz#>yeayh;J8OtSyo?}#v zp5|2qM1zra7T1$lZZg))XYjNU@uliWUO)Q8bCOqvp5s-Gp5|rhhj|KP?m38-W8jxt zSMvPi=U=cqtI&6RYti@cZU^t9xVTcv_BggCc=pBMmynS>zW45busl3+4sV*A##Mw# ztP2nq*DS+RY#f7>bCIr#I{!9HUgBLm_>#q&YD2ccd37`oldp;xW3v}Nik2nZCvQhm z>{W6Fl05;A)%icpaqvVN+jO>6i5a1VJkK)aIHf=K-t}$kk2=Kb(z~AVYQGlY0^|?+ z6{o9=&)7z=R~tPsM(2+iJb#iZFa7bgn_sd1$k1_I^Xh0GCVzC8IZmcI*9JW&m@a+| z=si*r^DEzd&0_XSI;8268ebm_qo>UC1njjkkM^28%-*EQoA^KTYNFO?`}zEulE?42 zzHWKsv@1(#_1c=RNskur9S??e4w}Q~B}E|;Z)f|zTfF5^=j&vswpT=?K_~1TfFD(h zqpi1c?b|CSv3&coH!YS5vJP36tj1~lQo!hB5T1#hDD3P7wsM%nvwiHx7LN#b7<}O# zyJwi)DqI&B3w{%S?H;wmQE5lc)ZY5+SAi&pmc+XG`JY;>xilS%>NGXKhX542OL&6Y z@e6xaVNI6cc0E@}Gc+Wx4-PilXHI2mIZpYtG@o0@C+ql4u$Zfq+#%f1)20!N1>NXGVV zwf0mWgXDJU*XLPoRpOBOt@c>7KTNvK0$>)(jdt>Q2(w+%*tdpVI-fG(G0za-4u0i^QvlrwW%b!cWQCU*rdG8liSUeTtmHx<< z)_9A=J4@i@7-blj-Ln=O4;DB}oGLG|Z+i87i#_p zjG)%y392TAJdzUoqfcL8u~&#!`aN4(!50Cw#w;W?6a_d}O|Hr>AL;r{Q_vIt`0l-IxX|GTp>e$8(R_rM_qU z&ymtJp!TG|Tv4Lb?nl&QEEWEf_D=v`PEE=5^H+b!=J4FwE~i$nt@)asDMy$%wWD)M z^DOX*LL}avq3srLIn?1vhE}u}+f#Jz-<9pDC&;fkIiT$!)Y(ghYI~+cb((Y8sZS^C zd;`|Ka+3R*|2$-|RFHMZvSc+*lMeIEsu*W@I3nV?#qdo4;h9|abt>(!dm<=8%Sm<+vmuDd-2@!=Gdc+%_c2fT3amAANQR2vrJ|loMW!=oi(f{W4qPo?gsLj|%i@)F?=r!U-NcP8wz)?u5)HoW4g=jALl zDbf<#wi6$>*itnd+I$)szv(B<2LA9=2O02`mTHA`dFbO>S%!w>ar+e~ERRer$0fg( z=40B^dFgz>k1YoJg^F48{3BqNTUT;i`Jcxv$13z4+gkJ$@8%+)n>>C5J;>N|%2u3^ zVG{Qr{LyU|H}k*Im9>^HT-gmw{wbKekM(Zl&!E8l*5xp1cjlMwaCTX4peybA!nIw~ zezm|Z>Pc<&JO)J}(&pPQ{Gqj34s|Jz4Au7f5GmGCxIdS(BReXW@!rLiB_*CUy?0qW z72=g1$(Gi5O}exKFIP(w`)|*<5g0|N#IUUaK7?OX!}JNz^X>|U92sPjZJ)MKyP zc!4{I!%-dgh4AdJu6=?T%YdMwti*KZZ4cTMN|ARc^T>N}$KKnf{q?hW|C@X7ULRaz zaufHB@&vJ`pLQ<&$Mjb+(r>@F@{87Q9y#Z)G&$`jQ_6Z^lWTk7E+&rG!kKT@6dbqn z3|H)o+^Qj9&7~*t5B~9^7Jp7%$EjLf56@ZP8J_-k>w;X-oeppR)LK=s7Oc=xJWY{~ch!xm2^tfKroK@t?sK)FUOa z|MAhkhK^&BS4Z-Ow{j=RG2MT(aR`^6-F;OOL!d9v+J;qz9i9%X7@PlSjU9{ZnNe&L_3Tq5aSY8o@HK<+JMe#E0;tC36e&%n)m) za_(Wh%ls3**EwYsrsJ{t#43IE<)`1UKC1&>S@P-|v-Yp4XXcg59qW9y^%EwavBxzc z)-hr`MCXTR3vHRr(3QSg*ZLpUSGjFVkJO^Cd9P-^nr(RVbOWEiy%()_$}Cz(_zZ5c zt*9Y678d-M<(OedGRv=}`4q_~@fL911L=CoCnGUm{?Y%om=keHlu|A>{_iA^AeiL) ze{n8oPB-4?*?|Qi+*jl3!_|*#C$4c^jZeb^4G;Vu^gvT#;M1& From d74c6aeaaa43afe23abbf8f88206aa67602aadf5 Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Tue, 22 Feb 2022 16:36:15 +0100 Subject: [PATCH 7/7] Fixed MANIFEST.json --- MANIFEST.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MANIFEST.json b/MANIFEST.json index a24f058..e7eaa3f 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -667,6 +667,11 @@ "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.", "name": "workflow", "version": 11 + }, + { + "description": "The seven actor roles seen in most ransomware incidents.", + "name": "ransomware-roles", + "version": 11 } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",