chg: [taxonomies] updated

master
Alexandre Dulaunoy 2022-01-22 18:21:52 +01:00
parent e86dd7f995
commit 7da53f1677
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 45673 additions and 43375 deletions

@ -565,6 +565,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_scrippsco2_fgi">scrippsco2-fgi</a></li> <li><a href="#_scrippsco2_fgi">scrippsco2-fgi</a></li>
<li><a href="#_scrippsco2_sampling_stations">scrippsco2-sampling-stations</a></li> <li><a href="#_scrippsco2_sampling_stations">scrippsco2-sampling-stations</a></li>
<li><a href="#_smart_airports_threats">smart-airports-threats</a></li> <li><a href="#_smart_airports_threats">smart-airports-threats</a></li>
<li><a href="#_state_responsibility">state-responsibility</a></li>
<li><a href="#_stealth_malware">stealth_malware</a></li> <li><a href="#_stealth_malware">stealth_malware</a></li>
<li><a href="#_stix_ttp">stix-ttp</a></li> <li><a href="#_stix_ttp">stix-ttp</a></li>
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li> <li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
@ -42323,6 +42324,176 @@ smart-airports-threats namespace available in JSON format at <a href="https://gi
</div> </div>
</div> </div>
<div class="sect1"> <div class="sect1">
<h2 id="_state_responsibility">state-responsibility</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
state-responsibility namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/state-responsibility/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.</p>
</div>
<div class="sect2">
<h3 id="_state_prohibited">state-prohibited.</h3>
<div class="paragraph">
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_prohibited">state-responsibility:state-prohibited.</h4>
<div class="paragraph">
<p>State-prohibited.</p>
</div>
<div class="paragraph">
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_prohibited_but_inadequate">state-prohibited-but-inadequate.</h3>
<div class="paragraph">
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_prohibited_but_inadequate">state-responsibility:state-prohibited-but-inadequate.</h4>
<div class="paragraph">
<p>State-prohibited-but-inadequate</p>
</div>
<div class="paragraph">
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_ignored">state-ignored</h3>
<div class="paragraph">
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_ignored">state-responsibility:state-ignored</h4>
<div class="paragraph">
<p>State-ignored</p>
</div>
<div class="paragraph">
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_encouraged">state-encouraged</h3>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_encouraged">state-responsibility:state-encouraged</h4>
<div class="paragraph">
<p>State-encouraged</p>
</div>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_shaped">state-shaped</h3>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_shaped">state-responsibility:state-shaped</h4>
<div class="paragraph">
<p>State-shaped</p>
</div>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_coordinated">state-coordinated</h3>
<div class="paragraph">
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_coordinated">state-responsibility:state-coordinated</h4>
<div class="paragraph">
<p>State-coordinated</p>
</div>
<div class="paragraph">
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_ordered">state-ordered</h3>
<div class="paragraph">
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_ordered">state-responsibility:state-ordered</h4>
<div class="paragraph">
<p>State-ordered</p>
</div>
<div class="paragraph">
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_rogue_conducted">state-rogue-conducted</h3>
<div class="paragraph">
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_rogue_conducted">state-responsibility:state-rogue-conducted</h4>
<div class="paragraph">
<p>State-rogue-conducted.</p>
</div>
<div class="paragraph">
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_executed">state-executed</h3>
<div class="paragraph">
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_executed">state-responsibility:state-executed</h4>
<div class="paragraph">
<p>State-executed</p>
</div>
<div class="paragraph">
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_integrated">state-integrated</h3>
<div class="paragraph">
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_integrated">state-responsibility:state-integrated</h4>
<div class="paragraph">
<p>State-integrated</p>
</div>
<div class="paragraph">
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stealth_malware">stealth_malware</h2> <h2 id="_stealth_malware">stealth_malware</h2>
<div class="sectionbody"> <div class="sectionbody">
<div class="admonitionblock note"> <div class="admonitionblock note">
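Review bot: The headings for the first two levels carry a trailing period ("state-prohibited.", "state-responsibility:state-prohibited.", and the same for state-prohibited-but-inadequate), while the other eight levels and all the id attributes do not. Anyone copying the tag text from the h4 gets a string that does not match the form of the others, so the period should be dropped wherever the heading text is generated from. Smaller points in the same section: the descriptions for state-encouraged, state-coordinated, state-executed and state-integrated end without a period, "out of the senior officers sight" is missing an apostrophe, and every description is printed twice (once under the h3 and again under the h4). The section also has no exclusivity statement like the "Exclusive flag set" sentence that appears elsewhere in this file; if an event is meant to receive exactly one level of the spectrum, say so here.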
@ -56984,19 +57155,19 @@ Exclusive flag set which means the values or predicate below must be set exclusi
<div class="sect3"> <div class="sect3">
<h4 id="_workflowstateincomplete">workflow:state="incomplete"</h4> <h4 id="_workflowstateincomplete">workflow:state="incomplete"</h4>
<div class="paragraph"> <div class="paragraph">
<p>Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis</p> <p>Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis.</p>
</div> </div>
</div> </div>
<div class="sect3"> <div class="sect3">
<h4 id="_workflowstatecomplete">workflow:state="complete"</h4> <h4 id="_workflowstatecomplete">workflow:state="complete"</h4>
<div class="paragraph"> <div class="paragraph">
<p>Complete means that the information tagged reach a state of completeness with the current capabilities of the analyst</p> <p>Complete means that the information tagged reach a state of completeness with the current capabilities of the analyst.</p>
</div> </div>
</div> </div>
<div class="sect3"> <div class="sect3">
<h4 id="_workflowstatedraft">workflow:state="draft"</h4> <h4 id="_workflowstatedraft">workflow:state="draft"</h4>
<div class="paragraph"> <div class="paragraph">
<p>Draft means the information tagged can be released as a preliminary version or outline</p> <p>Draft means the information tagged can be released as a preliminary version or outline.</p>
</div> </div>
</div> </div>
<div class="sect3"> <div class="sect3">
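Review bot: The workflow:state="complete" description is touched only to add the final period, but "the information tagged reach a state of completeness" still has the verb agreement error. Change it to "reaches" (or "has reached") in the same pass so the line does not need a second edit.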
@ -57005,6 +57176,12 @@ Exclusive flag set which means the values or predicate below must be set exclusi
<p>Analyst is currently working on this analysis. To remove when there is no more work to be done by the analyst.</p> <p>Analyst is currently working on this analysis. To remove when there is no more work to be done by the analyst.</p>
</div> </div>
</div> </div>
<div class="sect3">
<h4 id="_workflowstaterejected">workflow:state="rejected"</h4>
<div class="paragraph">
<p>Analyst rejected the process. The object will not reach state of completeness.</p>
</div>
</div>
</div> </div>
</div> </div>
</div> </div>
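Review bot: The new workflow:state="rejected" description says "Analyst rejected the process", whereas the neighbouring states speak of "the information tagged" or "this analysis", so it is unclear what is being rejected; name the subject the same way the other states do. "will not reach state of completeness" also needs an article ("a state of completeness"). The hunk header context indicates these values are set exclusively, so it would help to state whether rejected is final or can later be replaced by another state.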
@ -57649,7 +57826,7 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2021-12-23 16:18:10 +0100 Last updated 2022-01-22 18:21:01 +0100
</div> </div>
</div> </div>
</body> </body>
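Review bot: The "Last updated" timestamp in the footer changes on every regeneration, so it produces a diff even when no taxonomy changed. Together with 45673 additions and 43375 deletions and a second file whose diff is suppressed, that makes the actual taxonomy change hard to review. Consider committing the regenerated documentation separately from the taxonomy source change, or leaving the build timestamp out of the footer.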

File diff suppressed because one or more lines are too long