Updated taxonomies published

pull/3/head
Alexandre Dulaunoy 2017-12-28 19:47:33 +01:00
parent 88e37be8c2
commit 96ae6dafcb
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 20655 additions and 19265 deletions


@ -479,6 +479,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_osint">osint</a></li>
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_rt_event_status">rt_event_status</a></li>
<li><a href="#_runtime_packer">runtime-packer</a></li>
<li><a href="#_stealth_malware">stealth_malware</a></li>
<li><a href="#_stix_ttp">stix-ttp</a></li>
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
@ -8392,6 +8393,18 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
<p>Event with this tag should not be synced to other MISP instances</p>
</div>
</div>
<div class="sect2">
<h3 id="_tool">tool</h3>
<div class="paragraph">
<p>Tool associated with the information taggged</p>
</div>
<div class="sect3">
<h4 id="_misp_tool_misp2stix">misp:tool="misp2stix"</h4>
<div class="paragraph">
<p>misp2stix</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
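Review bot: The description of the new tool predicate misspells "tagged" as "taggged" in "Tool associated with the information taggged". If this page is rendered from the misp namespace machinetag.json that the section links to, fix the spelling there and regenerate rather than patching the HTML. The single value misp:tool="misp2stix" also has a description that only repeats the value name; one sentence on what the tool is would make the tag usable for someone who does not already know it.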
@ -13427,6 +13440,186 @@ rt_event_status namespace available in JSON format at <a href="https://github.co
<p>Deleted</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_runtime_packer">runtime-packer</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
runtime-packer namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/runtime-packer/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.</p>
</div>
<div class="sect2">
<h3 id="_portable_executable">portable-executable</h3>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_netshrink">runtime-packer:portable-executable=".netshrink"</h4>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_armadillo">runtime-packer:portable-executable="armadillo"</h4>
<div class="paragraph">
<div class="title">netshrink</div>
<p>Armadillo</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_aspack">runtime-packer:portable-executable="aspack"</h4>
<div class="paragraph">
<p>ASPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_aspr_asprotect">runtime-packer:portable-executable="aspr-asprotect"</h4>
<div class="paragraph">
<p>ASPR (ASProtect)</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_boxedapp_packer">runtime-packer:portable-executable="boxedapp-packer"</h4>
<div class="paragraph">
<p>BoxedApp Packer</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_cexe">runtime-packer:portable-executable="cexe"</h4>
<div class="paragraph">
<p>CExe</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_dotbundle">runtime-packer:portable-executable="dotbundle"</h4>
<div class="paragraph">
<p>dotBundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_enigma_protector">runtime-packer:portable-executable="enigma-protector"</h4>
<div class="paragraph">
<p>Enigma Protector</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_exe_bundle">runtime-packer:portable-executable="exe-bundle"</h4>
<div class="paragraph">
<p>EXE Bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_exe_stealth">runtime-packer:portable-executable="exe-stealth"</h4>
<div class="paragraph">
<p>EXE Stealth</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_expressor">runtime-packer:portable-executable="expressor"</h4>
<div class="paragraph">
<p>eXPressor</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_fsg">runtime-packer:portable-executable="fsg"</h4>
<div class="paragraph">
<p>FSG</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_kkrunchy_src">runtime-packer:portable-executable="kkrunchy-src"</h4>
<div class="paragraph">
<p>kkrunchy src</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_mew">runtime-packer:portable-executable="mew"</h4>
<div class="paragraph">
<p>MEW</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_mpress">runtime-packer:portable-executable="mpress"</h4>
<div class="paragraph">
<p>MPRESS</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_obsidium">runtime-packer:portable-executable="obsidium"</h4>
<div class="paragraph">
<p>Obsidium</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_pelock">runtime-packer:portable-executable="pelock"</h4>
<div class="paragraph">
<p>PELock</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_pespin">runtime-packer:portable-executable="pespin"</h4>
<div class="paragraph">
<p>PESpin</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_petite">runtime-packer:portable-executable="petite"</h4>
<div class="paragraph">
<p>Petite</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_rlpack_basic">runtime-packer:portable-executable="rlpack-basic"</h4>
<div class="paragraph">
<p>RLPack Basic</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_smart_packer_pro">runtime-packer:portable-executable="smart-packer-pro"</h4>
<div class="paragraph">
<p>Smart Packer Pro</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_themida">runtime-packer:portable-executable="themida"</h4>
<div class="paragraph">
<p>Themida</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_upx">runtime-packer:portable-executable="upx"</h4>
<div class="paragraph">
<p>UPX</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_vmprotect">runtime-packer:portable-executable="vmprotect"</h4>
<div class="paragraph">
<p>VMProtect</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packer_portable_executable_xcomp_xpack">runtime-packer:portable-executable="xcomp-xpack"</h4>
<div class="paragraph">
<p>XComp/XPack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_elf">elf</h3>
</div>
<div class="sect2">
<h3 id="_cli_assembly">cli-assembly</h3>
</div>
</div>
</div>
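Review bot: The first portable-executable value, runtime-packer:portable-executable=".netshrink", has no description paragraph, and the next entry (armadillo) carries a stray <div class="title">netshrink</div> above its own "Armadillo" text, so the netshrink label is rendered under the wrong tag. Every other value in the list pairs one heading with one description, so the expanded text for .netshrink most likely needs to be corrected in the taxonomy source so that it renders as its own paragraph. The elf and cli-assembly predicates at the end are published as empty sections with no values; either add values or hold them back until there are some, since an empty predicate cannot be applied as a complete tag. The namespace description also has grammar slips worth fixing in the same pass: "additional obfuscations mechanisms" and "all the known or official packer used".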
@ -20573,7 +20766,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2017-12-11 20:31:39 CET
Last updated 2017-12-28 19:46:43 CET
</div>
</div>
</body>

File diff suppressed because it is too large