mirror of https://github.com/MISP/misp-website
chg: [taxonomies] updated
parent
e86dd7f995
commit
788c60256b
322
taxonomies.html
322
taxonomies.html
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="UTF-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="generator" content="Asciidoctor 2.0.16">
|
||||
<meta name="generator" content="Asciidoctor 2.0.17">
|
||||
<title>MISP taxonomies and classification as machine tags</title>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
|
||||
<style>
|
||||
|
|
@ -193,7 +193,8 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|||
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
||||
details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
||||
details{margin-left:1.25rem}
|
||||
details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;-webkit-tap-highlight-color:transparent}
|
||||
details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;outline:none;-webkit-tap-highlight-color:transparent}
|
||||
details>summary::-webkit-details-marker{display:none}
|
||||
details>summary::before{content:"";border:solid transparent;border-left:solid;border-width:.3em 0 .3em .5em;position:absolute;top:.5em;left:-1.25rem;transform:translateX(15%)}
|
||||
details[open]>summary::before{border:solid transparent;border-top:solid;border-width:.5em .3em 0;transform:translateY(15%)}
|
||||
details>summary::after{content:"";width:1.25rem;height:1em;position:absolute;top:.3em;left:-1.25rem}
|
||||
|
|
@ -235,9 +236,8 @@ pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
|
|||
table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
||||
table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
|
||||
table.linenotable td.code{padding-left:.75em}
|
||||
table.linenotable td.linenos{border-right:1px solid;opacity:.35;padding-right:.5em}
|
||||
pre.pygments .lineno{border-right:1px solid;opacity:.35;display:inline-block;margin-right:.75em}
|
||||
pre.pygments .lineno::before{content:"";margin-right:-.125em}
|
||||
table.linenotable td.linenos,pre.pygments .linenos{border-right:1px solid;opacity:.35;padding-right:.5em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}
|
||||
pre.pygments span.linenos{display:inline-block;margin-right:.75em}
|
||||
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
||||
.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
|
||||
.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
||||
|
|
@ -274,7 +274,7 @@ table.frame-none>colgroup+*>:first-child>*,table.frame-sides>colgroup+*>:first-c
|
|||
table.frame-none>:last-child>:last-child>*,table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}
|
||||
table.frame-none>*>tr>:first-child,table.frame-ends>*>tr>:first-child{border-left-width:0}
|
||||
table.frame-none>*>tr>:last-child,table.frame-ends>*>tr>:last-child{border-right-width:0}
|
||||
table.stripes-all tr,table.stripes-odd tr:nth-of-type(odd),table.stripes-even tr:nth-of-type(even),table.stripes-hover tr:hover{background:#f8f8f7}
|
||||
table.stripes-all>*>tr,table.stripes-odd>*>tr:nth-of-type(odd),table.stripes-even>*>tr:nth-of-type(even),table.stripes-hover>*>tr:hover{background:#f8f8f7}
|
||||
th.halign-left,td.halign-left{text-align:left}
|
||||
th.halign-right,td.halign-right{text-align:right}
|
||||
th.halign-center,td.halign-center{text-align:center}
|
||||
|
|
@ -290,10 +290,11 @@ ol{margin-left:1.75em}
|
|||
ul li ol{margin-left:1.5em}
|
||||
dl dd{margin-left:1.125em}
|
||||
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
||||
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
||||
li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
||||
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
|
||||
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
|
||||
ul.unstyled,ol.unstyled{margin-left:0}
|
||||
li>p:empty:only-child::before{content:"";display:inline-block}
|
||||
ul.checklist>li>p:first-child{margin-left:-1em}
|
||||
ul.checklist>li>p:first-child>.fa-square-o:first-child,ul.checklist>li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
||||
ul.checklist>li>p:first-child>input[type=checkbox]:first-child{margin-right:.25em}
|
||||
|
|
@ -336,8 +337,6 @@ sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
|
|||
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
|
||||
#footnotes .footnote:last-of-type{margin-bottom:0}
|
||||
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
||||
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
|
||||
.gist .file-data>table td.line-data{width:99%}
|
||||
div.unbreakable{page-break-inside:avoid}
|
||||
.big{font-size:larger}
|
||||
.small{font-size:smaller}
|
||||
|
|
@ -565,6 +564,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
|||
<li><a href="#_scrippsco2_fgi">scrippsco2-fgi</a></li>
|
||||
<li><a href="#_scrippsco2_sampling_stations">scrippsco2-sampling-stations</a></li>
|
||||
<li><a href="#_smart_airports_threats">smart-airports-threats</a></li>
|
||||
<li><a href="#_state_responsibility">state-responsibility</a></li>
|
||||
<li><a href="#_stealth_malware">stealth_malware</a></li>
|
||||
<li><a href="#_stix_ttp">stix-ttp</a></li>
|
||||
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
|
||||
|
|
@ -41253,7 +41253,7 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</table>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.</p>
|
||||
<p>Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.</p>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_portable_executable">portable-executable</h3>
|
||||
|
|
@ -41262,9 +41262,27 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablearmadillo">runtime-packer:portable-executable="armadillo"</h4>
|
||||
<h4 id="_runtime_packerportable_executablealienyze">runtime-packer:portable-executable="alienyze"</h4>
|
||||
<div class="paragraph">
|
||||
<div class="title">netshrink</div>
|
||||
<p>Alienyze</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableapack">runtime-packer:portable-executable="apack"</h4>
|
||||
<div class="paragraph">
|
||||
<p>aPack</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableapk_protect">runtime-packer:portable-executable="apk-protect"</h4>
|
||||
<div class="paragraph">
|
||||
<p>APK Protect</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablearmadillo">runtime-packer:portable-executable="armadillo"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Armadillo</p>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -41281,6 +41299,18 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableautoit">runtime-packer:portable-executable="autoit"</h4>
|
||||
<div class="paragraph">
|
||||
<p>AutoIT</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablebero">runtime-packer:portable-executable="bero"</h4>
|
||||
<div class="paragraph">
|
||||
<p>BeRo EXE Packer</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableboxedapp_packer">runtime-packer:portable-executable="boxedapp-packer"</h4>
|
||||
<div class="paragraph">
|
||||
<p>BoxedApp Packer</p>
|
||||
|
|
@ -41293,6 +41323,24 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablecode_virtualizer">runtime-packer:portable-executable="code-virtualizer"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Code Virtualizer</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executabledexguard">runtime-packer:portable-executable="dexguard"</h4>
|
||||
<div class="paragraph">
|
||||
<p>DexGuard</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executabledexprotector">runtime-packer:portable-executable="dexprotector"</h4>
|
||||
<div class="paragraph">
|
||||
<p>DexProtector</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executabledotbundle">runtime-packer:portable-executable="dotbundle"</h4>
|
||||
<div class="paragraph">
|
||||
<p>dotBundle</p>
|
||||
|
|
@ -41329,9 +41377,21 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablekkrunchy_src">runtime-packer:portable-executable="kkrunchy-src"</h4>
|
||||
<h4 id="_runtime_packerportable_executablegzexe">runtime-packer:portable-executable="gzexe"</h4>
|
||||
<div class="paragraph">
|
||||
<p>kkrunchy src</p>
|
||||
<p>GzExe</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablekkrunchy">runtime-packer:portable-executable="kkrunchy"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Kkrunchy</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableliapp">runtime-packer:portable-executable="liapp"</h4>
|
||||
<div class="paragraph">
|
||||
<p>LIAPP</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
|
|
@ -41347,18 +41407,36 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablenspack">runtime-packer:portable-executable="nspack"</h4>
|
||||
<div class="paragraph">
|
||||
<p>NSPack</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableobsidium">runtime-packer:portable-executable="obsidium"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Obsidium</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablepecompact">runtime-packer:portable-executable="pecompact"</h4>
|
||||
<div class="paragraph">
|
||||
<p>PECompact</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablepelock">runtime-packer:portable-executable="pelock"</h4>
|
||||
<div class="paragraph">
|
||||
<p>PELock</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablepeshield">runtime-packer:portable-executable="peshield"</h4>
|
||||
<div class="paragraph">
|
||||
<p>PEShield</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablepespin">runtime-packer:portable-executable="pespin"</h4>
|
||||
<div class="paragraph">
|
||||
<p>PESpin</p>
|
||||
|
|
@ -41367,7 +41445,7 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablepetite">runtime-packer:portable-executable="petite"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Petite</p>
|
||||
<p>PEtite</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
|
|
@ -41389,6 +41467,12 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableupack">runtime-packer:portable-executable="upack"</h4>
|
||||
<div class="paragraph">
|
||||
<p>UPack</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableupx">runtime-packer:portable-executable="upx"</h4>
|
||||
<div class="paragraph">
|
||||
<p>UPX</p>
|
||||
|
|
@ -41406,10 +41490,36 @@ runtime-packer namespace available in JSON format at <a href="https://github.com
|
|||
<p>XComp/XPack</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableyoda_crypter">runtime-packer:portable-executable="yoda-crypter"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Yoda’s Crypter</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executableyoda_protector">runtime-packer:portable-executable="yoda-protector"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Yoda’s Protector</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_runtime_packerportable_executablezprotect">runtime-packer:portable-executable="zprotect"</h4>
|
||||
<div class="paragraph">
|
||||
<p>ZProtect</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_dex">dex</h3>
|
||||
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_elf">elf</h3>
|
||||
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_mach_o">mach-o</h3>
|
||||
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_cli_assembly">cli-assembly</h3>
|
||||
|
|
@ -42323,6 +42433,176 @@ smart-airports-threats namespace available in JSON format at <a href="https://gi
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect1">
|
||||
<h2 id="_state_responsibility">state-responsibility</h2>
|
||||
<div class="sectionbody">
|
||||
<div class="admonitionblock note">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="icon">
|
||||
<i class="fa icon-note" title="Note"></i>
|
||||
</td>
|
||||
<td class="content">
|
||||
state-responsibility namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/state-responsibility/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.</p>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_prohibited">state-prohibited.</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_prohibited">state-responsibility:state-prohibited.</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-prohibited.</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_prohibited_but_inadequate">state-prohibited-but-inadequate.</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_prohibited_but_inadequate">state-responsibility:state-prohibited-but-inadequate.</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-prohibited-but-inadequate</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_ignored">state-ignored</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_ignored">state-responsibility:state-ignored</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-ignored</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_encouraged">state-encouraged</h3>
|
||||
<div class="paragraph">
|
||||
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_encouraged">state-responsibility:state-encouraged</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-encouraged</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_shaped">state-shaped</h3>
|
||||
<div class="paragraph">
|
||||
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_shaped">state-responsibility:state-shaped</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-shaped</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_coordinated">state-coordinated</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_coordinated">state-responsibility:state-coordinated</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-coordinated</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_ordered">state-ordered</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_ordered">state-responsibility:state-ordered</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-ordered</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_rogue_conducted">state-rogue-conducted</h3>
|
||||
<div class="paragraph">
|
||||
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_rogue_conducted">state-responsibility:state-rogue-conducted</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-rogue-conducted.</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_executed">state-executed</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_executed">state-responsibility:state-executed</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-executed</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2">
|
||||
<h3 id="_state_integrated">state-integrated</h3>
|
||||
<div class="paragraph">
|
||||
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_state_responsibilitystate_integrated">state-responsibility:state-integrated</h4>
|
||||
<div class="paragraph">
|
||||
<p>State-integrated</p>
|
||||
</div>
|
||||
<div class="paragraph">
|
||||
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect1">
|
||||
<h2 id="_stealth_malware">stealth_malware</h2>
|
||||
<div class="sectionbody">
|
||||
<div class="admonitionblock note">
|
||||
|
|
@ -56984,19 +57264,19 @@ Exclusive flag set which means the values or predicate below must be set exclusi
|
|||
<div class="sect3">
|
||||
<h4 id="_workflowstateincomplete">workflow:state="incomplete"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis</p>
|
||||
<p>Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_workflowstatecomplete">workflow:state="complete"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Complete means that the information tagged reach a state of completeness with the current capabilities of the analyst</p>
|
||||
<p>Complete means that the information tagged reach a state of completeness with the current capabilities of the analyst.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_workflowstatedraft">workflow:state="draft"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Draft means the information tagged can be released as a preliminary version or outline</p>
|
||||
<p>Draft means the information tagged can be released as a preliminary version or outline.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
|
|
@ -57005,6 +57285,12 @@ Exclusive flag set which means the values or predicate below must be set exclusi
|
|||
<p>Analyst is currently working on this analysis. To remove when there is no more work to be done by the analyst.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect3">
|
||||
<h4 id="_workflowstaterejected">workflow:state="rejected"</h4>
|
||||
<div class="paragraph">
|
||||
<p>Analyst rejected the process. The object will not reach state of completeness.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -57649,7 +57935,7 @@ Exclusive flag set which means the values or predicate below must be set exclusi
|
|||
</div>
|
||||
<div id="footer">
|
||||
<div id="footer-text">
|
||||
Last updated 2021-12-23 16:18:10 +0100
|
||||
Last updated 2022-01-29 12:11:29 +0100
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
|
|
|||
114942
taxonomies.pdf
114942
taxonomies.pdf
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue