chg: taxonomies updated to the latest version

pull/6/head
Alexandre Dulaunoy 2018-09-12 09:33:56 +02:00
parent b9a76596d5
commit 976a29f609
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 79177 additions and 76643 deletions

@ -494,6 +494,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_maec_malware_obfuscation_methods">maec-malware-obfuscation-methods</a></li> <li><a href="#_maec_malware_obfuscation_methods">maec-malware-obfuscation-methods</a></li>
<li><a href="#_malware_classification">malware_classification</a></li> <li><a href="#_malware_classification">malware_classification</a></li>
<li><a href="#_misp">misp</a></li> <li><a href="#_misp">misp</a></li>
<li><a href="#_monarc_threat">monarc-threat</a></li>
<li><a href="#_ms_caro_malware">ms-caro-malware</a></li> <li><a href="#_ms_caro_malware">ms-caro-malware</a></li>
<li><a href="#_ms_caro_malware_full">ms-caro-malware-full</a></li> <li><a href="#_ms_caro_malware_full">ms-caro-malware-full</a></li>
<li><a href="#_nato">nato</a></li> <li><a href="#_nato">nato</a></li>
@ -7654,7 +7655,7 @@ event-assessment namespace available in JSON format at <a href="https://github.c
<div class="sect3"> <div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processdevils_advocates_methodology">event-assessment:alternative-points-of-view-process="devils-advocates-methodology"</h4> <h4 id="_event_assessmentalternative_points_of_view_processdevils_advocates_methodology">event-assessment:alternative-points-of-view-process="devils-advocates-methodology"</h4>
<div class="paragraph"> <div class="paragraph">
<p>Devil&#8217;s advocates methodlogy</p> <p>Devil&#8217;s advocates methodology</p>
</div> </div>
</div> </div>
<div class="sect3"> <div class="sect3">
@ -8101,7 +8102,7 @@ honeypot-basic namespace available in JSON format at <a href="https://github.com
</table> </table>
</div> </div>
<div class="paragraph"> <div class="paragraph">
<p>Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, <a href="http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" class="bare">http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf</a></p> <p>Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, <a href="http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" class="bare">http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf</a></p>
</div> </div>
<div class="sect2"> <div class="sect2">
<h3 id="_interaction_level">interaction-level</h3> <h3 id="_interaction_level">interaction-level</h3>
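Review bot: The new "Updated from" prefix on the honeypot-basic citation does not say what was changed relative to the Seifert, Welch and Komisarczuk report, so a reader cannot tell which values come from the report and which are local extensions. Suggest naming the additions in this paragraph, for example the `interaction-level="none"` and `data-capture="network-capture"` values introduced in this same change.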
@ -8126,6 +8127,15 @@ honeypot-basic namespace available in JSON format at <a href="https://github.com
<p>Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination</p> <p>Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination</p>
</div> </div>
</div> </div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_levelnone">honeypot-basic:interaction-level="none"</h4>
<div class="paragraph">
<p>No interaction capabilities</p>
</div>
<div class="paragraph">
<p>No exposed functionality in the honeypot.</p>
</div>
</div>
</div> </div>
<div class="sect2"> <div class="sect2">
<h3 id="_data_capture">data-capture</h3> <h3 id="_data_capture">data-capture</h3>
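Review bot: The description added for `honeypot-basic:interaction-level="none"` ("No exposed functionality in the honeypot.") ends with a full stop, while the neighbouring interaction-level description in the context above ("... valid login/password combination") does not. Pick one convention for the namespace. The expanded text "No interaction capabilities" and the description also say nearly the same thing, so the description could state what distinguishes this level from the limited-functionality level above it.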
@ -8133,6 +8143,15 @@ honeypot-basic namespace available in JSON format at <a href="https://github.com
<p>Describes the type of data a honeypot is able to capture</p> <p>Describes the type of data a honeypot is able to capture</p>
</div> </div>
<div class="sect3"> <div class="sect3">
<h4 id="_honeypot_basicdata_capturenetwork_capture">honeypot-basic:data-capture="network-capture"</h4>
<div class="paragraph">
<p>Network capture</p>
</div>
<div class="paragraph">
<p>The honeypot collects raw network capture.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_captureevents">honeypot-basic:data-capture="events"</h4> <h4 id="_honeypot_basicdata_captureevents">honeypot-basic:data-capture="events"</h4>
<div class="paragraph"> <div class="paragraph">
<p>Events</p> <p>Events</p>
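Review bot: The description for `honeypot-basic:data-capture="network-capture"` reads "The honeypot collects raw network capture.", which is ungrammatical; suggest "The honeypot collects raw network captures." It is also inserted ahead of the existing `events` value, so confirm that the ordering of values within `data-capture` is intentional.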
@ -12920,6 +12939,314 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div> </div>
</div> </div>
<div class="sect1"> <div class="sect1">
<h2 id="_monarc_threat">monarc-threat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
monarc-threat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/monarc-threat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>MONARC Threats Taxonomy</p>
</div>
<div class="sect2">
<h3 id="_compromise_of_functions">compromise-of-functions</h3>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionserror_in_use">monarc-threat:compromise-of-functions="error-in-use"</h4>
<div class="paragraph">
<p>Error in use</p>
</div>
<div class="paragraph">
<p>A person commits an operating error, input error or utilisation error on hardware or software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsforging_of_rights">monarc-threat:compromise-of-functions="forging-of-rights"</h4>
<div class="paragraph">
<p>Forging of rights</p>
</div>
<div class="paragraph">
<p>A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionseavesdropping">monarc-threat:compromise-of-functions="eavesdropping"</h4>
<div class="paragraph">
<p>Eavesdropping</p>
</div>
<div class="paragraph">
<p>Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsdenial_of_actions">monarc-threat:compromise-of-functions="denial-of-actions"</h4>
<div class="paragraph">
<p>Denial of actions</p>
</div>
<div class="paragraph">
<p>A person or entity denies being involved in an exchange with a third party or carrying out an operation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsabuse_of_rights">monarc-threat:compromise-of-functions="abuse-of-rights"</h4>
<div class="paragraph">
<p>Abuse of rights</p>
</div>
<div class="paragraph">
<p>Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsbreach_of_personnel_availability">monarc-threat:compromise-of-functions="breach-of-personnel-availability"</h4>
<div class="paragraph">
<p>Breach of personnel availability</p>
</div>
<div class="paragraph">
<p>Absence of qualified or authorised personnel to execute the usual operations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorised_actions">unauthorised-actions</h3>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionsfraudulent_copying_or_use_of_counterfeit_software">monarc-threat:unauthorised-actions="fraudulent-copying-or-use-of-counterfeit-software"</h4>
<div class="paragraph">
<p>Fraudulent copying or use of counterfeit software</p>
</div>
<div class="paragraph">
<p>Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionscorruption_of_data">monarc-threat:unauthorised-actions="corruption-of-data"</h4>
<div class="paragraph">
<p>Corruption of data</p>
</div>
<div class="paragraph">
<p>Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionsillegal_processing_of_data">monarc-threat:unauthorised-actions="illegal-processing-of-data"</h4>
<div class="paragraph">
<p>Illegal processing of data</p>
</div>
<div class="paragraph">
<p>A person carries out information processing that is forbidden by the law or a regulation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_compromise_of_information">compromise-of-information</h3>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationremote_spying">monarc-threat:compromise-of-information="remote-spying"</h4>
<div class="paragraph">
<p>Remote spying</p>
</div>
<div class="paragraph">
<p>Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationtampering_with_hardware">monarc-threat:compromise-of-information="tampering-with-hardware"</h4>
<div class="paragraph">
<p>Tampering with hardware</p>
</div>
<div class="paragraph">
<p>Someone with access to a communication medium or equipment installs an interception or destruction device in it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationinterception_of_compromising_interference_signals">monarc-threat:compromise-of-information="interception-of-compromising-interference-signals"</h4>
<div class="paragraph">
<p>Interception of compromising interference signals</p>
</div>
<div class="paragraph">
<p>Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon).</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationtheft_or_destruction_of_media_documents_or_equipment">monarc-threat:compromise-of-information="theft-or-destruction-of-media-documents-or-equipment"</h4>
<div class="paragraph">
<p>Theft or destruction of media, documents or equipment</p>
</div>
<div class="paragraph">
<p>Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationretrieval_of_recycled_or_discarded_media">monarc-threat:compromise-of-information="retrieval-of-recycled-or-discarded media"</h4>
<div class="paragraph">
<p>Retrieval of recycled or discarded media</p>
</div>
<div class="paragraph">
<p>Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationmalware_infection">monarc-threat:compromise-of-information="malware-infection"</h4>
<div class="paragraph">
<p>Malware infection</p>
</div>
<div class="paragraph">
<p>Unwanted software that is doing operations seeking to harm the company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationdata_from_untrustworthy_sources">monarc-threat:compromise-of-information="data-from-untrustworthy-sources"</h4>
<div class="paragraph">
<p>Data from untrustworthy sources</p>
</div>
<div class="paragraph">
<p>Receiving false data or unsuitable equipment from outside sources and using them in the organisation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationdisclosure">monarc-threat:compromise-of-information="disclosure"</h4>
<div class="paragraph">
<p>Disclosure</p>
</div>
<div class="paragraph">
<p>Person who voluntarily or negligently disclosure information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_loss_of_essential_services">loss-of-essential-services</h3>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesfailure_of_telecommunication_equipment">monarc-threat:loss-of-essential-services="failure-of-telecommunication-equipment"</h4>
<div class="paragraph">
<p>Failure of telecommunication equipment</p>
</div>
<div class="paragraph">
<p>Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network).</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesloss_of_power_supply">monarc-threat:loss-of-essential-services="loss-of-power-supply"</h4>
<div class="paragraph">
<p>Loss of power supply</p>
</div>
<div class="paragraph">
<p>Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier&#8217;s service or from the internal distribution system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesfailure_of_air_conditioning">monarc-threat:loss-of-essential-services="failure-of-air-conditioning"</h4>
<div class="paragraph">
<p>Failure of air-conditioning</p>
</div>
<div class="paragraph">
<p>Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_technical_failures">technical-failures</h3>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuressoftware_malfunction">monarc-threat:technical-failures="software-malfunction"</h4>
<div class="paragraph">
<p>Software malfunction</p>
</div>
<div class="paragraph">
<p>Design error, installation error or operating error committed during modification causing incorrect execution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuresequipment_malfunction_or_failure">monarc-threat:technical-failures="equipment-malfunction-or-failure"</h4>
<div class="paragraph">
<p>Equipment malfunction or failure</p>
</div>
<div class="paragraph">
<p>Logical or physical event causing hardware malfunctions or failures.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuressaturation_of_the_information_system">monarc-threat:technical-failures="saturation-of-the-information-system"</h4>
<div class="paragraph">
<p>Saturation of the information system</p>
</div>
<div class="paragraph">
<p>A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuresbreach_of_information_system_maintainability">monarc-threat:technical-failures="breach-of-information-system-maintainability"</h4>
<div class="paragraph">
<p>Breach of information system maintainability</p>
</div>
<div class="paragraph">
<p>Lack of expertise in the system making retrofitting and upgrading impossible</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_physical_damage">physical-damage</h3>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagedestruction_of_equipment_or_supports">monarc-threat:physical-damage="destruction-of-equipment-or-supports"</h4>
<div class="paragraph">
<p>Destruction of equipment or supports</p>
</div>
<div class="paragraph">
<p>Event causing destruction of equipment or media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagefire">monarc-threat:physical-damage="fire"</h4>
<div class="paragraph">
<p>Fire</p>
</div>
<div class="paragraph">
<p>Any situation that could facilitate the conflagration of premises or equipment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagewater_damage">monarc-threat:physical-damage="water-damage"</h4>
<div class="paragraph">
<p>Water damage</p>
</div>
<div class="paragraph">
<p>Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagemajor_accident">monarc-threat:physical-damage="major-accident"</h4>
<div class="paragraph">
<p>Major accident</p>
</div>
<div class="paragraph">
<p>Any event that can physically destroy the premises</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagepollution">monarc-threat:physical-damage="pollution"</h4>
<div class="paragraph">
<p>Pollution</p>
</div>
<div class="paragraph">
<p>Presence of dust, vapours, corrosive or toxic gases in the ambient air.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damageenvironmental_disaster">monarc-threat:physical-damage="environmental-disaster"</h4>
<div class="paragraph">
<p>Environmental disaster (fire, flood, dust, dirt, etc.)</p>
</div>
<div class="paragraph">
<p>Any event that can physically ruin the premises</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ms_caro_malware">ms-caro-malware</h2> <h2 id="_ms_caro_malware">ms-caro-malware</h2>
<div class="sectionbody"> <div class="sectionbody">
<div class="admonitionblock note"> <div class="admonitionblock note">
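Review bot: The heading `monarc-threat:compromise-of-information="retrieval-of-recycled-or-discarded media"` has a space before `media` in the tag value, while its anchor id and every other value in the new monarc-threat section are fully hyphenated; a tag written with the space will not string-match `retrieval-of-recycled-or-discarded-media`, so the value should be hyphenated throughout. In the same hunk, the `disclosure` description ("Person who voluntarily or negligently disclosure information.") should use "discloses", the `eavesdropping` description is a fragment with no main verb, and "foreigners" in the theft-or-destruction description would read better as "unauthorised persons". The `environmental-disaster` description ("Any event that can physically ruin the premises") is nearly identical to `major-accident`, and its expanded text "(fire, flood, dust, dirt, etc.)" overlaps the separate `fire`, `water-damage` and `pollution` values, so the descriptions should state how these are meant to be told apart.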
@ -33147,7 +33474,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2018-08-07 17:05:28 CEST Last updated 2018-09-12 09:33:13 CEST
</div> </div>
</div> </div>
</body> </body>

File diff suppressed because it is too large