{ "DDoS": { "values": [ "rsit:availability=\"dos\"", "rsit:availability=\"ddos\"", "rsit:vulnerable=\"ddos-amplifier\"", "ecsirt:availability=\"ddos\"", "europol-incident:availability=\"dos-ddos\"", "ms-caro-malware:malware-type=\"DDoS\"", "circl:incident-classification=\"denial-of-service\"", "enisa:nefarious-activity-abuse=\"denial-of-service\"" ] }, "SQLi": { "values": [ "circl:incident-classification=\"sql-injection\"", "veris:action:malware:variety=\"SQL injection\"", "veris:action:hacking:variety=\"SQLi\"", "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"", "europol-event:sql-injection" ] }, "rootkit": { "values": [ "veris:action:malware:variety=\"Rootkit\"", "enisa:nefarious-activity-abuse=\"rootkits\"", "malware_classification:malware-category=\"Rootkit\"" ] }, "exploit": { "values": [ "rsit:intrusion-attempts=\"exploit\"", "veris:action:malware:variety=\"Exploit vuln\"", "ecsirt:intrusion-attempts=\"exploit\"", "europol-event:exploit", "europol-incident:intrusion=\"exploitation-vulnerability\"", "ms-caro-malware:malware-type=\"Exploit\"" ] }, "malware": { "values": [ "rsit:malicious-code=\"malware-distribution\"", "rsit:malicious-code=\"malware-configuration\"", "ecsirt:malicious-code=\"malware\"", "circl:incident-classification=\"malware\"" ] }, "Remote Access Tool": { "values": [ "enisa:nefarious-activity-abuse=\"remote-access-tool\"", "ms-caro-malware:malware-type=\"RemoteAccess\"" ] }, "ransomware": { "values": [ "ecsirt:malicious-code=\"ransomware\"", "enisa:nefarious-activity-abuse=\"ransomware\"", "malware_classification:malware-category=\"Ransomware\"", "ms-caro-malware:malware-type=\"Ransom\"", "veris:action:malware:variety=\"Ransomware\"" ], "description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)" }, "spam": { "values": [ "rsit:abusive-content=\"spam\"", "circl:incident-classification=\"spam\"", "ecsirt:abusive-content=\"spam\"", "enisa:nefarious-activity-abuse=\"spam\"", "europol-event:spam", "europol-incident:abusive-content=\"spam\"", "veris:action:malware:variety=\"Spam\"", "veris:action:social:variety=\"Spam\"" ] }, "scan": { "values": [ "rsit:information-gathering=\"scanner\"", "circl:incident-classification=\"scan\"", "ecsirt:information-gathering=\"scanner\"", "europol-incident:information-gathering=\"scanning\"" ] }, "scan network": { "values": [ "veris:action:malware:variety=\"Scan network\"", "europol-event:network-scanning" ] }, "xss": { "values": [ "circl:incident-classification=\"XSS\"", "europol-event:xss " ] }, "phishing": { "values": [ "rsit:fraud=\"phishing\"", "circl:incident-classification=\"phishing\"", "ecsirt:fraud=\"phishing\"", "veris:action:social:variety=\"Phishing\"", "europol-incident:information-gathering=\"phishing\"", "enisa:nefarious-activity-abuse=\"phishing-attacks\"" ] }, "brute force": { "values": [ "rsit:intrusion-attempts=\"brute-force\"", "ecsirt:intrusion-attempts=\"brute-force\"", "veris:action:malware:variety=\"Brute force\"", "europol-event:brute-force-attempt", "enisa:nefarious-activity-abuse=\"brute-force\"" ] }, "backdoor": { "values": [ "ecsirt:intrusions=\"backdoor\"", "veris:action:malware:variety=\"Backdoor\"", "ms-caro-malware:malware-type=\"Backdoor\"" ] }, "c&c": { "values": [ "rsit:malicious-code=\"c2-server\"", "ecsirt:malicious-code=\"c&c\"", "europol-incident:malware=\"c&c\"", "europol-event:c&c-server-hosting", "veris:action:malware:variety=\"C2\"" ] }, "Brute Force": { "values": [ "ecsirt:intrusion-attempts=\"brute-force\"", "veris:action:malware:variety=\"Brute force\"", "europol-event:brute-force-attempt", "enisa:nefarious-activity-abuse=\"brute-force\"" ] }, "Adware": { "values": [ "veris:action:malware:variety=\"Adware\"", "malware_classification:malware-category=\"Adware\"", "ms-caro-malware:malware-type=\"Adware\"" ] }, "Downloader": { "values": [ "veris:action:malware:variety=\"Downloader\"", "malware_classification:malware-category=\"Downloader\"" ] }, "Spyware": { "values": [ "veris:action:malware:variety=\"Spyware/Keylogger\"", "malware_classification:malware-category=\"Spyware\"", "ms-caro-malware:malware-type=\"Spyware\"", "enisa:nefarious-activity-abuse=\"spyware-or-deceptive-adware\"" ] }, "Trojan": { "values": [ "malware_classification:malware-category=\"Trojan\"", "ms-caro-malware:malware-type=\"Trojan\"", "ecsirt:malicious-code=\"trojan\"" ] }, "Virus": { "values": [ "malware_classification:malware-category=\"Virus\"", "ms-caro-malware:malware-type=\"Virus\"", "ecsirt:malicious-code=\"virus\"" ] }, "Worm": { "values": [ "veris:action:malware:variety=\"Worm\"", "malware_classification:malware-category=\"Worm\"", "ms-caro-malware:malware-type=\"Worm\"", "ecsirt:malicious-code=\"worm\"" ] }, "content": { "values": [ "rsit:abusive-content=\"harmful-speech\"", "rsit:abusive-content=\"violence\"", "rsit:fraud=\"copyright\"", "rsit:fraud=\"masquerade\"" ] }, "other": { "values": [ "rsit:other=\"other\"" ] }, "test": { "values": [ "rsit:test=\"test\"" ] }, "tlp-white": { "values": [ "tlp:white", "iep:traffic-light-protocol=\"WHITE\"" ] }, "tlp-green": { "values": [ "tlp:green", "iep:traffic-light-protocol=\"GREEN\"" ] }, "tlp-amber": { "values": [ "tlp:amber", "iep:traffic-light-protocol=\"AMBER\"" ] }, "tlp-red": { "values": [ "tlp:red", "iep:traffic-light-protocol=\"RED\"" ] } }