Taxonomies updated including the mapping

pull/2/head
Alexandre Dulaunoy 2017-10-24 08:25:20 +02:00
parent bb14a63ec8
commit 70a48968da
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 15473 additions and 9703 deletions


@ -478,6 +478,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_tor">tor</a></li>
<li><a href="#_veris">veris</a></li>
<li><a href="#_vocabulaire_des_probabilites_estimatives">vocabulaire-des-probabilites-estimatives</a></li>
<li><a href="#_mapping_of_taxonomies">Mapping of taxonomies</a></li>
</ul>
</div>
</div>
@ -1761,6 +1762,12 @@ collaborative-intelligence namespace available in JSON format at <a href="https:
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_detection_signature">collaborative-intelligence:request="detection-signature"</h4>
<div class="paragraph">
<p>Request detection signature from</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_context">collaborative-intelligence:request="context"</h4>
<div class="paragraph">
<p>Request more contextual information</p>
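Review bot: the new description `<p>Request detection signature from</p>` under `collaborative-intelligence:request="detection-signature"` is an incomplete sentence; either say what the signature is requested from, or shorten it to "Request detection signature" so it reads like the neighbouring entry "Request more contextual information".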
@ -17952,10 +17959,552 @@ vocabulaire-des-probabilites-estimatives namespace available in JSON format at <
</div>
</div>
</div>
<h1 id="_mapping_of_taxonomies" class="sect0">Mapping of taxonomies</h1>
<div class="paragraph">
<p>Analysts relying on taxonomies don&#8217;t always know the appropriate namespace to use but know which value to use for classification. The MISP mapping taxonomy allows to map a single classification into a series of machine-tag synonyms.</p>
</div>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 1. Mapping table - <strong>Adware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Adware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Adware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Adware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Adware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 2. Mapping table - <strong>Brute Force</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Brute Force</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="brute-force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Brute force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:brute-force-attempt</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="brute-force"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 3. Mapping table - <strong>DDoS</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">DDoS</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:availability="ddos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:availability="dos-ddos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="DDoS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="denial-of-service"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="denial-of-service"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 4. Mapping table - <strong>Downloader</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Downloader</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Downloader"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Downloader"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 5. Mapping table - <strong>Remote Access Tool</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Remote Access Tool</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="remote-access-tool"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="RemoteAccess"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 6. Mapping table - <strong>SQLi</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">SQLi</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="sql-injection"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="SQL injection"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:hacking:variety="SQLi"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="web-application-attacks-injection-attacks-code-injection-SQL-XSS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:sql-injection</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 7. Mapping table - <strong>Spyware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Spyware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Spyware/Keylogger"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Spyware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Spyware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="spyware-or-deceptive-adware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 8. Mapping table - <strong>Trojan</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Trojan</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Trojan"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Trojan"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 9. Mapping table - <strong>Virus</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Virus</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Virus"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Virus"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 10. Mapping table - <strong>Worm</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Worm</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Worm"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Worm"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Worm"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 11. Mapping table - <strong>backdoor</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">backdoor</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusions="backdoor"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Backdoor"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Backdoor"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 12. Mapping table - <strong>brute force</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">brute force</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="brute-force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Brute force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:brute-force-attempt</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="brute-force"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 13. Mapping table - <strong>c&amp;c</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">c&amp;c</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="c&amp;c"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:malware="c&amp;c"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:c&amp;c-server-hosting</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="C2"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 14. Mapping table - <strong>exploit</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">exploit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Exploit vuln"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="exploit"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:exploit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:intrusion="exploitation-vulnerability"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Exploit"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 15. Mapping table - <strong>malware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="malware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="malware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 16. Mapping table - <strong>phishing</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">phishing</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:fraud="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:social:variety="Phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:information-gathering="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="phishing-attacks"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 17. Mapping table - <strong>ransomware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ransomware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Ransom"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Ransomware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 18. Mapping table - <strong>rootkit</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rootkit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Rootkit"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="rootkits"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Rootkit"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 19. Mapping table - <strong>scan</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">scan</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="scan"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:information-gathering="scanning"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 20. Mapping table - <strong>scan network</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">scan network</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Scan network"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:network-scanning</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 21. Mapping table - <strong>spam</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">spam</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:abusive-content="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:spam</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:abusive-content="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:social:variety="Spam"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 22. Mapping table - <strong>tlp-amber</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-amber</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:amber</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="AMBER"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 23. Mapping table - <strong>tlp-green</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-green</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:green</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="GREEN"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 24. Mapping table - <strong>tlp-red</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-red</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:red</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="RED"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 25. Mapping table - <strong>tlp-white</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-white</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:white</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="WHITE"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all spread">
<caption class="title">Table 26. Mapping table - <strong>xss</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">xss</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="XSS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:xss</p></td>
</tr>
</tbody>
</table>
</div>
<div id="footer">
<div id="footer-text">
Last updated 2017-10-02 12:08:38 CEST
Last updated 2017-10-24 08:13:13 CEST
</div>
</div>
</body>
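Review bot: Table 2 ("Brute Force") and Table 12 ("brute force") list the identical five machine tags (`ecsirt:intrusion-attempts="brute-force"`, `veris:action:malware:variety="Brute force"`, `europol-event:brute-force-attempt`, `enisa:nefarious-activity-abuse="brute-force"`), so one of them is a duplicate that only differs in key case; keep a single entry and normalise the key spelling, since the keys currently mix capitalised forms ("Adware", "Remote Access Tool", "SQLi") with lowercase ones ("backdoor", "phishing", "xss"), which will make lookups by an analyst-typed value unpredictable. Two smaller points in the same hunk: the intro paragraph should read "allows mapping a single classification" rather than "allows to map", and each mapping table puts the classification key in an ordinary `<td>` row instead of a header row, so nothing visually or semantically separates the key from its synonyms; a `<thead>`/`<th>` row would fix that. Also consider whether `enisa:nefarious-activity-abuse="web-application-attacks-injection-attacks-code-injection-SQL-XSS"`, listed only under SQLi (Table 6), should also appear under xss (Table 26), given its name covers both.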
