mirror of https://github.com/MISP/misp-website
Updated taxonomies published
parent
88e37be8c2
commit
96ae6dafcb
195
taxonomies.html
195
taxonomies.html
|
@ -479,6 +479,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
||||||
<li><a href="#_osint">osint</a></li>
|
<li><a href="#_osint">osint</a></li>
|
||||||
<li><a href="#_passivetotal">passivetotal</a></li>
|
<li><a href="#_passivetotal">passivetotal</a></li>
|
||||||
<li><a href="#_rt_event_status">rt_event_status</a></li>
|
<li><a href="#_rt_event_status">rt_event_status</a></li>
|
||||||
|
<li><a href="#_runtime_packer">runtime-packer</a></li>
|
||||||
<li><a href="#_stealth_malware">stealth_malware</a></li>
|
<li><a href="#_stealth_malware">stealth_malware</a></li>
|
||||||
<li><a href="#_stix_ttp">stix-ttp</a></li>
|
<li><a href="#_stix_ttp">stix-ttp</a></li>
|
||||||
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
|
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
|
||||||
|
@ -8392,6 +8393,18 @@ misp namespace available in JSON format at <a href="https://github.com/MISP/misp
|
||||||
<p>Event with this tag should not be synced to other MISP instances</p>
|
<p>Event with this tag should not be synced to other MISP instances</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_tool">tool</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Tool associated with the information taggged</p>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_misp_tool_misp2stix">misp:tool="misp2stix"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>misp2stix</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="sect1">
|
<div class="sect1">
|
||||||
|
@ -13427,6 +13440,186 @@ rt_event_status namespace available in JSON format at <a href="https://github.co
|
||||||
<p>Deleted</p>
|
<p>Deleted</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect1">
|
||||||
|
<h2 id="_runtime_packer">runtime-packer</h2>
|
||||||
|
<div class="sectionbody">
|
||||||
|
<div class="admonitionblock note">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td class="icon">
|
||||||
|
<i class="fa icon-note" title="Note"></i>
|
||||||
|
</td>
|
||||||
|
<td class="content">
|
||||||
|
runtime-packer namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/runtime-packer/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.</p>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_portable_executable">portable-executable</h3>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_netshrink">runtime-packer:portable-executable=".netshrink"</h4>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_armadillo">runtime-packer:portable-executable="armadillo"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<div class="title">netshrink</div>
|
||||||
|
<p>Armadillo</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_aspack">runtime-packer:portable-executable="aspack"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>ASPack</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_aspr_asprotect">runtime-packer:portable-executable="aspr-asprotect"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>ASPR (ASProtect)</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_boxedapp_packer">runtime-packer:portable-executable="boxedapp-packer"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>BoxedApp Packer</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_cexe">runtime-packer:portable-executable="cexe"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>CExe</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_dotbundle">runtime-packer:portable-executable="dotbundle"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>dotBundle</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_enigma_protector">runtime-packer:portable-executable="enigma-protector"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Enigma Protector</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_exe_bundle">runtime-packer:portable-executable="exe-bundle"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>EXE Bundle</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_exe_stealth">runtime-packer:portable-executable="exe-stealth"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>EXE Stealth</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_expressor">runtime-packer:portable-executable="expressor"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>eXPressor</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_fsg">runtime-packer:portable-executable="fsg"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>FSG</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_kkrunchy_src">runtime-packer:portable-executable="kkrunchy-src"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>kkrunchy src</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_mew">runtime-packer:portable-executable="mew"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>MEW</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_mpress">runtime-packer:portable-executable="mpress"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>MPRESS</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_obsidium">runtime-packer:portable-executable="obsidium"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Obsidium</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_pelock">runtime-packer:portable-executable="pelock"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>PELock</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_pespin">runtime-packer:portable-executable="pespin"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>PESpin</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_petite">runtime-packer:portable-executable="petite"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Petite</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_rlpack_basic">runtime-packer:portable-executable="rlpack-basic"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>RLPack Basic</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_smart_packer_pro">runtime-packer:portable-executable="smart-packer-pro"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Smart Packer Pro</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_themida">runtime-packer:portable-executable="themida"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Themida</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_upx">runtime-packer:portable-executable="upx"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>UPX</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_vmprotect">runtime-packer:portable-executable="vmprotect"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>VMProtect</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_runtime_packer_portable_executable_xcomp_xpack">runtime-packer:portable-executable="xcomp-xpack"</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>XComp/XPack</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_elf">elf</h3>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_cli_assembly">cli-assembly</h3>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -20573,7 +20766,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
|
||||||
</div>
|
</div>
|
||||||
<div id="footer">
|
<div id="footer">
|
||||||
<div id="footer-text">
|
<div id="footer-text">
|
||||||
Last updated 2017-12-11 20:31:39 CET
|
Last updated 2017-12-28 19:46:43 CET
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
|
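Review bot: In the added runtime-packer section, the entry `runtime-packer:portable-executable=".netshrink"` is rendered with an empty body, and its description shows up instead as `<div class="title">netshrink</div>` above the Armadillo paragraph in the next entry. The markup looks like Asciidoctor output, so the leading dot of `.netshrink` is presumably being read as a block title. If so, the fix belongs in the taxonomy source or the generator rather than in this file: escape the leading dot so the page ends up with `<p>.netshrink</p>` under its own heading and no title div under armadillo. The same hunk adds `elf` and `cli-assembly` headings with no entries beneath them, which is worth confirming as intended, and the `tool` hunk spells `taggged`, which should be corrected upstream before the next regeneration.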
39725
taxonomies.pdf
39725
taxonomies.pdf
File diff suppressed because it is too large