Commit Graph

1142 Commits (4a307cd52809b634d8584fd0d5a32453dd34bbf6)

Author SHA1 Message Date
Alexandre Dulaunoy dfdcbbf9c8
Merge pull request #253 from syloktools/main
Added xlsm file type to file-type taxonomy
2022-09-16 11:45:31 +02:00
Robert Nixon eccb9186ac
Merge branch 'MISP:main' into main 2022-09-16 07:49:27 +01:00
Robert Nixon 5002736456 Added xlsm file type 2022-09-16 08:48:43 +02:00
Alexandre Dulaunoy 7d379245b7
Merge pull request #251 from syloktools/main
Adding img, txt, and ppa for file-type taxonomy
2022-09-08 11:51:59 +02:00
Robert Nixon d235301e7d
Added filetype txt and ppa
Seeing a lot of txt files that contain PowerShell scripts with encoded AgentTesla binary inside alongside PPA files.
2022-09-08 11:07:31 +02:00
Robert Nixon 9b25ee4a7d
Added img file type 2022-09-08 10:35:39 +02:00
Alexandre Dulaunoy fb22347f95
Merge pull request #249 from syloktools/main
Added vbs and hta to file type tags
2022-09-08 09:46:13 +02:00
Robert Nixon 3b6f927033
Added vbs and hta to file type tags 2022-09-08 08:51:28 +02:00
Alexandre Dulaunoy aa251b6a40
chg: [false-positive] add colour scheme to false-positive risk level and
typo fixed
2022-09-07 08:50:20 +02:00
Sami Mokaddem 93309b58c4
chg: [false-positive] Added risk cannot be judged entry 2022-09-07 08:13:38 +02:00
Alexandre Dulaunoy fc12a106f5
fix: [tlp] description of the TLP taxonomy updated to clarify the aspect
of four labels mentioned in the standard even if there are five labels
and some more in this taxonomy for backward compatibility.
2022-08-04 08:59:16 +02:00
Alexandre Dulaunoy 8c113c5b86
chg: [MANIFEST] updated 2022-08-03 15:48:49 +02:00
Alexandre Dulaunoy 2e666690ca
Merge branch 'main' of github.com:MISP/misp-taxonomies into main 2022-08-03 15:48:28 +02:00
Alexandre Dulaunoy 856d303ee4
chg: [tlp] updating the new version of the traffic light protocol
published by FIRST.org

Some notes concerning the version 2.0 of the tlp taxonomy:

- A new tag is introduced `TLP:AMBER+STRICT` to clarify the restriction to
share only with your organisation.
- A new tag is introduced called `TLP:CLEAR` which seems to replace
`TLP:WHITE` as it disappears from the version 2.0 of the official TLP
document.
- The old tag `TLP:WHITE` is preserved in the taxonomy. As we don't have
any official reference in the version 2.0 about the compatibility with
`TLP:CLEAR`, we *assume* it's a synomym from the original `TLP:WHITE`.
- The old tag `TLP:EX:CHR` is also preserved in the taxonomy for
backward compatibility.

We strongly recommend any users using the tlp taxonomy in their tools to review
workflows and ensure that the new version 2.0 is taken into consideration.

Ref: https://www.first.org/tlp/ (download the 3rd August 2022 - 15:46 CEST)
2022-08-03 15:40:26 +02:00
Alexandre Dulaunoy 8b57801204
Merge pull request #248 from goodlandsecurity/pyoti-v3
Pyoti v3
2022-08-03 11:26:12 +02:00
goodlandsecurity d5e9cdd92b forgot jq_all_the_things.sh 2022-08-02 11:33:41 -05:00
goodlandsecurity 7add543acc bump pyoti version 2022-08-02 11:24:14 -05:00
goodlandsecurity 22b6287d7a remove predicate description so entry description shows on hover, added virustotal entry 2022-08-02 11:24:04 -05:00
Alexandre Dulaunoy d94688040c
Merge pull request #247 from goodlandsecurity/pyoti-v2
Pyoti taxonomy v2
2022-07-20 16:28:49 +02:00
goodlandsecurity 76a9897638 Merge remote-tracking branch 'upstream/main' into pyoti-v2
fetch upstream and merge
2022-07-20 08:32:11 -05:00
goodlandsecurity 500e61caaf added entries for domain-based reputation block lists 2022-07-20 08:27:14 -05:00
goodlandsecurity 3e443dd286 bump pyoti version 2022-07-20 08:25:53 -05:00
Alexandre Dulaunoy f4fb812c37
chg: [nis2] various fixes 2022-07-08 15:57:30 +02:00
Alexandre Dulaunoy a4c00258b2
chg: [github action] YAML parsing is just a piece-of-crap(tm)
Ref: https://github.com/actions/setup-python/issues/160#issuecomment-724485470
2022-07-08 07:37:14 +02:00
Alexandre Dulaunoy 594c4cba82
chg: [gh] Python 3.10 added 2022-07-08 07:30:42 +02:00
Alexandre Dulaunoy e646d458e3
chg: [pyoti] refs are array 2022-07-08 07:27:32 +02:00
Alexandre Dulaunoy fb16aab4ea
Merge branch 'goodlandsecurity-pyoti-enrichment-taxonomy' into main 2022-07-08 07:24:47 +02:00
Alexandre Dulaunoy 7732d32c7c
chg: [pyoti] clean-up JSON 2022-07-08 07:24:27 +02:00
goodlandsecurity 402c6ca144 adding pyoti enrichment taxonomy 2022-07-07 16:32:12 -05:00
Alexandre Dulaunoy 0c1b3f1f3a
new: [diamond-model-for-influence-operations] "The Diamond Model for Influence Operations Analysis" taxonomy added
Ref: https://go.recordedfuture.com/hubfs/white-papers/diamond-model-influence-operations-analysis.pdf
2022-06-29 13:40:54 +02:00
Alexandre Dulaunoy 0e7688e652
new: [nis2] NIS2 proposal taxonomy
The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 May 2022, also known as the provisional agreement.
This proposal is based on the original NIS (machinetag) JSON file with the reflection of NIS2 proposal including changes as:
- changes in sectors,
- adding subsectors with detailed description,
- adding taxonomies for important entities
- adding subsectors for important entities.
Work done as part of contribution to EnCaViBS project https://encavibs.uni.lu
[machinetag2.txt](https://github.com/MISP/misp-taxonomies/files/8948834/machinetag2.txt)

Contribution from @AMEXTT
2022-06-23 10:03:14 +02:00
Alexandre Dulaunoy 5d72c5e901
chg: [MANIFEST] updated 2022-05-16 08:13:30 +02:00
Raphaël Vinot 87916c2eb9 fix: order in cnsd 2022-05-13 16:05:31 +02:00
Alexandre Dulaunoy 80f2a19308
chg: [cnsd] many fixes 2022-05-13 15:52:34 +02:00
Alexandre Dulaunoy 778c0508cf
chg: [artificial-satellite] fixes 2022-05-13 15:44:33 +02:00
Alexandre Dulaunoy d3fd3f6419
chg: [satellite] fix the predicate 2022-05-13 15:36:01 +02:00
Alexandre Dulaunoy 0bf91e429b
chg: [artificial-satellite] satellite renamed 2022-05-13 15:30:23 +02:00
Alexandre Dulaunoy beeabcaf22
chg: [articifial-satellite] remove duplicate in education 2022-05-13 15:27:24 +02:00
Alexandre Dulaunoy 392b52f6e8
fix: [dga] leading space removed 2022-05-13 10:01:38 +02:00
Alexandre Dulaunoy 98443dbe30
chg: [dga] Include the improvements from @danielplohmann 2022-05-13 09:25:24 +02:00
Alexandre Dulaunoy a71490fab7
new: [dga] First version of the DGA taxonomy based on https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_plohmann.pdf
A Comprehensive Measurement Study
of Domain Generating Malware
Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn;
Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIE
2022-05-12 16:40:44 +02:00
Alexandre Dulaunoy 259752b073
Merge pull request #244 from jelervasquez/patch-7
Update machinetag.json
2022-05-09 23:25:27 +02:00
jelervasquez d9761fa947
Update machinetag.json 2022-05-09 15:33:27 -05:00
Alexandre Dulaunoy 20ffb6980f
Merge branch 'th3r3d-patch-1' into main 2022-05-05 18:59:37 +02:00
Alexandre Dulaunoy 4984b1a009
Merge branch 'main' into th3r3d-patch-1 2022-05-05 18:58:44 +02:00
Alexandre Dulaunoy 5908b6585c
chg: [cnsd] remove incorrect file 2022-05-05 18:53:11 +02:00
Alexandre Dulaunoy 62d4cd2e41
Merge branch 'jelervasquez-patch-2' into main 2022-05-05 18:52:56 +02:00
Alexandre Dulaunoy 8f9fa33469
chg: [manifest] updated 2022-05-05 18:52:19 +02:00
Alexandre Dulaunoy edeb9428ee
fix: [cnsd] update 2022-05-05 18:51:43 +02:00
jelervasquez 47efdddca7
Taxonomy for security incidents 2022-05-04 16:56:53 -05:00