taxonomies updated

pull/3/head
Alexandre Dulaunoy 2017-12-01 14:29:41 +01:00
parent 063be55baa
commit 0afc6088ab
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 48436 additions and 47199 deletions


@ -1209,24 +1209,36 @@ admiralty-scale namespace available in JSON format at <a href="https://github.co
<div class="paragraph">
<p>Completely reliable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_b">admiralty-scale:source-reliability="b"</h4>
<div class="paragraph">
<p>Usually reliable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_c">admiralty-scale:source-reliability="c"</h4>
<div class="paragraph">
<p>Fairly reliable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_d">admiralty-scale:source-reliability="d"</h4>
<div class="paragraph">
<p>Not usually reliable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_e">admiralty-scale:source-reliability="e"</h4>
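Review bot: source-reliability "a" to "d" receive 100, 75, 50 and 25, but the hunk ends at the source-reliability="e" heading without adding a value for it. State in the taxonomy whether the lowest grade is 0 or deliberately unscored, so a consumer that sorts or filters on the numerical value does not have to guess how to treat a tag with no number.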
@ -1248,24 +1260,36 @@ admiralty-scale namespace available in JSON format at <a href="https://github.co
<div class="paragraph">
<p>Confirmed by other sources</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_2">admiralty-scale:information-credibility="2"</h4>
<div class="paragraph">
<p>Probably true</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_3">admiralty-scale:information-credibility="3"</h4>
<div class="paragraph">
<p>Possibly true</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_4">admiralty-scale:information-credibility="4"</h4>
<div class="paragraph">
<p>Doubtful</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_5">admiralty-scale:information-credibility="5"</h4>
@ -1536,30 +1560,45 @@ analyst-assessment namespace available in JSON format at <a href="https://github
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_experience_between_1_and_5_years">analyst-assessment:experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_experience_between_5_and_10_years">analyst-assessment:experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_experience_between_10_and_20_years">analyst-assessment:experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_experience_more_than_20_years">analyst-assessment:experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
</div>
<div class="sect2">
@ -1602,30 +1641,45 @@ analyst-assessment namespace available in JSON format at <a href="https://github
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_binary_reversing_experience_between_1_and_5_years">analyst-assessment:binary-reversing-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_binary_reversing_experience_between_5_and_10_years">analyst-assessment:binary-reversing-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_binary_reversing_experience_between_10_and_20_years">analyst-assessment:binary-reversing-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_binary_reversing_experience_more_than_20_years">analyst-assessment:binary-reversing-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
</div>
<div class="sect2">
@ -1704,30 +1758,45 @@ analyst-assessment namespace available in JSON format at <a href="https://github
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_web_experience_between_1_and_5_years">analyst-assessment:web-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_web_experience_between_5_and_10_years">analyst-assessment:web-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_web_experience_between_10_and_20_years">analyst-assessment:web-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_web_experience_more_than_20_years">analyst-assessment:web-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
</div>
<div class="sect2">
@ -1740,30 +1809,45 @@ analyst-assessment namespace available in JSON format at <a href="https://github
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_crypto_experience_between_1_and_5_years">analyst-assessment:crypto-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_crypto_experience_between_5_and_10_years">analyst-assessment:crypto-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_crypto_experience_between_10_and_20_years">analyst-assessment:crypto-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessment_crypto_experience_more_than_20_years">analyst-assessment:crypto-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
</div>
</div>
@ -5227,36 +5311,54 @@ estimative-language namespace available in JSON format at <a href="https://githu
<div class="paragraph">
<p>Very unlikely - highly improbable - 05-20%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_unlikely">estimative-language:likelihood-probability="unlikely"</h4>
<div class="paragraph">
<p>Unlikely - improbable (improbably) - 20-45%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_roughly_even_chance">estimative-language:likelihood-probability="roughly-even-chance"</h4>
<div class="paragraph">
<p>Roughly even change - roughly even odds - 45-55%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="45"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_likely">estimative-language:likelihood-probability="likely"</h4>
<div class="paragraph">
<p>Likely - probable (probably) - 55-80%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="55"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_very_likely">estimative-language:likelihood-probability="very-likely"</h4>
<div class="paragraph">
<p>Very likely - highly probable - 80-95%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_almost_certain">estimative-language:likelihood-probability="almost-certain"</h4>
<div class="paragraph">
<p>Almost certain(ly) - nearly certain - 95-99%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="95"</p>
</div>
</div>
</div>
</div>
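Review bot: the numerical value for each likelihood-probability entry is the lower bound of the range in its description (5 for 05-20%, 45 for 45-55%, 80 for 80-95%), and the rendered text never states that convention. A consumer that reads the value as a point estimate will score roughly-even-chance at 45, below 50; add a sentence saying the value is the lower bound, or use the midpoint. While regenerating, note that the roughly-even-chance description reads "Roughly even change" where "chance" is meant.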
@ -6473,8 +6575,32 @@ fr-classif namespace available in JSON format at <a href="https://github.com/MIS
<div class="paragraph">
<p>French gov information classification system</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_classifiees_defense">classifiees-defense</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_fr_classif_classifiees_defense_tres_secret_defense">fr-classif:classifiees-defense="TRES_SECRET_DEFENSE"</h4>
<div class="paragraph">
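Review bot: the same admonition is emitted twice in a row here, once under the fr-classif namespace description and again directly under the classifiees-defense heading, and the wording "the values or predicate below must be set exclusively" does not say which of the two applies at each level. Word the namespace-level notice for predicates and the predicate-level notice for values, so an analyst can tell whether the limit is one tag per namespace or one value per predicate.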
@ -6496,6 +6622,18 @@ fr-classif namespace available in JSON format at <a href="https://github.com/MIS
</div>
<div class="sect2">
<h3 id="_non_classifiees_defense">non-classifiees-defense</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_defense_secret">fr-classif:non-classifiees-defense="SECRET"</h4>
<div class="paragraph">
@ -6517,6 +6655,18 @@ fr-classif namespace available in JSON format at <a href="https://github.com/MIS
</div>
<div class="sect2">
<h3 id="_non_classifiees">non-classifiees</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_non_classifiees">fr-classif:non-classifiees="NON-CLASSIFIEES"</h4>
<div class="paragraph">
@ -8143,24 +8293,36 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
<div class="paragraph">
<p>Completely confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_usually_confident">misp:confidence-level="usually-confident"</h4>
<div class="paragraph">
<p>Usually confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_fairly_confident">misp:confidence-level="fairly-confident"</h4>
<div class="paragraph">
<p>Fairly confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_rarely_confident">misp:confidence-level="rarely-confident"</h4>
<div class="paragraph">
<p>Rarely confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_unconfident">misp:confidence-level="unconfident"</h4>
@ -8194,6 +8356,9 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
<div class="paragraph">
<p>Low risk which can include mass-malware. (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_threat_level_medium_risk">misp:threat-level="medium-risk"</h4>
@ -8203,6 +8368,9 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
<div class="paragraph">
<p>Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_threat_level_high_risk">misp:threat-level="high-risk"</h4>
@ -8212,6 +8380,9 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
<div class="paragraph">
<p>High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
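Review bot: high-risk is set to 100 here while the two preceding hunks set low-risk to 25 and medium-risk to 50, so the threat-level scale jumps from 50 to 100 with no 75 step, unlike the 100/75/50/25 spacing used for misp:confidence-level. If the gap is intended, say so in the high-risk description; otherwise anything that averages or thresholds these values will weight high-risk more heavily than the labels suggest.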
@ -13026,64 +13197,82 @@ osint namespace available in JSON format at <a href="https://github.com/MISP/mis
<div class="sect3">
<h4 id="_osint_certainty_100">osint:certainty="100"</h4>
<div class="paragraph">
<p>100% Certainty</p>
<p>Certainty (probability equals 1 - 100%)</p>
</div>
<div class="paragraph">
<p>100% Certainty</p>
<p>Certainty</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_93">osint:certainty="93"</h4>
<div class="paragraph">
<p>93% Almost certain</p>
<p>Almost certain (probability equals 0.93 - 93%)</p>
</div>
<div class="paragraph">
<p>93% Almost certain</p>
<p>Almost certain</p>
</div>
<div class="paragraph">
<p>Associated numerical value="93"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_75">osint:certainty="75"</h4>
<div class="paragraph">
<p>75% Probable</p>
<p>Probable (probability equals 0.75 - 75%)</p>
</div>
<div class="paragraph">
<p>75% Probable</p>
<p>Probable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_50">osint:certainty="50"</h4>
<div class="paragraph">
<p>50% Chances about even</p>
<p>Chances about even (probability equals 0.50 - 50%)</p>
</div>
<div class="paragraph">
<p>50% Chances about even</p>
<p>Chances about even</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_30">osint:certainty="30"</h4>
<div class="paragraph">
<p>30% Probably not</p>
<p>Probably not (probability equals 0.30 - 30%)</p>
</div>
<div class="paragraph">
<p>30% Probably not</p>
<p>Probably not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_7">osint:certainty="7"</h4>
<div class="paragraph">
<p>7% Almost certainly not</p>
<p>Almost certainly not (probability equals 0.07 - 7%)</p>
</div>
<div class="paragraph">
<p>7% Almost certainly not</p>
<p>Almost certainly not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="7"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_0">osint:certainty="0"</h4>
<div class="paragraph">
<p>0% Impossibility</p>
<p>Impossibility (probability equals 0 - 0%)</p>
</div>
<div class="paragraph">
<p>0% Impossibility</p>
<p>Impossibility</p>
</div>
</div>
</div>
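Review bot: osint:certainty="0" is the only entry in this hunk that does not get an "Associated numerical value" paragraph; 100, 93, 75, 50, 30 and 7 all do. If the source JSON assigns 0 to it, check whether the generator tests the value for truthiness rather than presence, and emit value="0" so that "Impossibility" is distinguishable from an unscored tag.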
@ -13481,30 +13670,45 @@ targeted-threat-index namespace available in JSON format at <a href="https://git
<div class="paragraph">
<p>Targeted but not customized. Sent with a message that is obviously false with little to no validation required.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_poorly_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-poorly-customized"</h4>
<div class="paragraph">
<p>Targeted and poorly customized. Content is generally relevant to the target. May look questionable.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-customized"</h4>
<div class="paragraph">
<p>Targeted and customized. May use a real person/organization or content to convince the target the message is legitimate. Content is specifically relevant to the target and looks legitimate.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_well_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-well-customized"</h4>
<div class="paragraph">
<p>Targeted and well-customized. Uses a real person/organization and content to convince the target the message is legitimate. Probably directly addressing the recipient. Content is specifically relevant to the target, looks legitimate, and can be externally referenced (e.g. by a website). May be sent from a hacked account.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_highly_customized_using_sensitive_data">targeted-threat-index:targeting-sophistication-base-value="targeted-and-highly-customized-using-sensitive-data"</h4>
<div class="paragraph">
<p>Targeted and highly customized using sensitive data. Individually targeted and customized, likely using inside/sensitive information that is directly relevant to the target.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
</div>
<div class="sect2">
@ -13517,30 +13721,45 @@ targeted-threat-index namespace available in JSON format at <a href="https://git
<div class="paragraph">
<p>The sample contains no code protection such as packing, obfuscation (e.g. simple rotation of C2 names or other interesting strings), or anti-reversing tricks.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_a_simple_method_of_protection">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-a-simple-method-of-protection"</h4>
<div class="paragraph">
<p>The sample contains a simple method of protection, such as one of the following: code protection using publicly available tools where the reverse method is available, such as UPX packing; simple anti-reversing techniques such as not using import tables, or a call to IsDebuggerPresent(); self-disabling in the presence of AV software.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1.25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_multiple_minor_code_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-minor-code-protection-techniques"</h4>
<div class="paragraph">
<p>The sample contains multiple minor code protection techniques (anti-reversing tricks, packing, VM / reversing tools detection) that require some low-level knowledge. This level includes malware where code that contains the core functionality of the program is decrypted only in memory.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1.5"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_minor_code_protection_techniques_plus_one_advanced">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-minor-code-protection-techniques-plus-one-advanced"</h4>
<div class="paragraph">
<p>The sample contains minor code protection techniques along with at least one advanced protection method such as rootkit functionality or a custom virtualized packer.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1.75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_multiple_advanced_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-advanced-protection-techniques"</h4>
<div class="paragraph">
<p>The sample contains multiple advanced protection techniques, e.g. rootkit capability, virtualized packer, multiple anti-reversing techniques, and is clearly designed by a professional software engineering team.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
</div>
</div>
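Review bot: technical-sophistication-multiplier takes fractional values (1, 1.25, 1.5, 1.75, 2) and, going by its name, scales the 1 to 5 base value from the preceding hunk, whereas the other namespaces visible in this diff use the field as a standalone score. Label it in the rendered text as a multiplier rather than "Associated numerical value", and document that the field must be parsed as a decimal, not an integer.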
@ -13565,6 +13784,18 @@ tlp namespace available in JSON format at <a href="https://github.com/MISP/misp-
<pre>TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.</pre>
</div>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_red_2">red</h3>
<div class="paragraph">
@ -20225,7 +20456,7 @@ vocabulaire-des-probabilites-estimatives namespace available in JSON format at <
</div>
<div id="footer">
<div id="footer-text">
Last updated 2017-11-19 16:46:41 CET
Last updated 2017-12-01 11:06:46 CET
</div>
</div>
</body>
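Review bot: the "Last updated" footer timestamp changes on every regeneration, so each rebuild of this generated page produces a diff even when no taxonomy changed, adding noise to a commit that already shows 48436 additions and 47199 deletions. Drop the timestamp from the generator output, or keep the generated HTML out of the repository and build it from the JSON sources instead.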

File diff suppressed because it is too large