Taxonomies updated

pull/2/head
Alexandre Dulaunoy 2017-10-02 12:09:09 +02:00
parent 9fa35cd7b8
commit df3cc581bf
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 74059 additions and 73738 deletions

taxonomies.html Normal file → Executable file

@ -441,6 +441,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_analyst_assessment">analyst-assessment</a></li>
<li><a href="#_binary_class">binary-class</a></li>
<li><a href="#_circl">circl</a></li>
<li><a href="#_collaborative_intelligence">collaborative-intelligence</a></li>
<li><a href="#_csirt_case_classification">csirt_case_classification</a></li>
<li><a href="#_cssa">cssa</a></li>
<li><a href="#_ddos">ddos</a></li>
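Review bot: the mode change on taxonomies.html (Normal file → Executable file, and the same on taxonomies.pdf in this commit) looks unintended for generated documentation; keep both files at the regular non-executable mode unless the build actually needs the executable bit. The new `<li><a href="#_collaborative_intelligence">` entry itself is fine: it sits in alphabetical order between circl and csirt_case_classification and its anchor matches the `h2 id` that the section hunk later in this diff introduces.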
@ -471,7 +472,6 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_rt_event_status">rt_event_status</a></li>
<li><a href="#_stealth_malware">stealth_malware</a></li>
<li><a href="#_stealth_malware_2">stealth_malware</a></li>
<li><a href="#_stix_ttp">stix-ttp</a></li>
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
<li><a href="#_tlp">tlp</a></li>
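Review bot: dropping `<li><a href="#_stealth_malware_2">stealth_malware</a></li>` is only correct together with the later hunk that removes the duplicated section carrying the `_stealth_malware_2` id; applying either hunk without the other leaves a dead TOC link or an orphaned section, so they must stay in the same commit. The remaining `#_stealth_malware` entry on the line above still points at the first copy of the section.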
@ -1711,6 +1711,101 @@ circl namespace available in JSON format at <a href="https://github.com/MISP/mis
</div>
</div>
<div class="sect1">
<h2 id="_collaborative_intelligence">collaborative-intelligence</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
collaborative-intelligence namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/collaborative-intelligence/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later.</p>
</div>
<div class="sect2">
<h3 id="_request">request</h3>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_sample">collaborative-intelligence:request="sample"</h4>
<div class="paragraph">
<p>Request a binary sample</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_deobfuscated_sample">collaborative-intelligence:request="deobfuscated-sample"</h4>
<div class="paragraph">
<p>Request a deobfuscated sample of the shared sample</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_more_samples">collaborative-intelligence:request="more-samples"</h4>
<div class="paragraph">
<p>Request additional samples compared to the original analysis to build a competitive analysis on the reversing aspect</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_related_samples">collaborative-intelligence:request="related-samples"</h4>
<div class="paragraph">
<p>Request related samples required for further analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_static_analysis">collaborative-intelligence:request="static-analysis"</h4>
<div class="paragraph">
<p>Request additional static analysis or reversing on the information shared</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_context">collaborative-intelligence:request="context"</h4>
<div class="paragraph">
<p>Request more contextual information</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_abuse_contact">collaborative-intelligence:request="abuse-contact"</h4>
<div class="paragraph">
<p>Request an abuse contact to report to</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_historical_information">collaborative-intelligence:request="historical-information"</h4>
<div class="paragraph">
<p>Request more historical information from</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_complementary_validation">collaborative-intelligence:request="complementary-validation"</h4>
<div class="paragraph">
<p>Request complementary validation</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_target_information">collaborative-intelligence:request="target-information"</h4>
<div class="paragraph">
<p>Request about the target(s) including field of activities or companies</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_request_analysis">collaborative-intelligence:request="request-analysis"</h4>
<div class="paragraph">
<p>Request further technical or tactical analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligence_request_more_information">collaborative-intelligence:request="more-information"</h4>
<div class="paragraph">
<p>Request for generic additional information</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_csirt_case_classification">csirt_case_classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
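Review bot: the description for `collaborative-intelligence:request="historical-information"` ends mid-sentence ("Request more historical information from"), and the value of `request="request-analysis"` repeats the predicate name, so the rendered tag reads request="request-analysis". Since this HTML is generated from the taxonomy's machinetag.json (the note block at the top of the section links to it), fix the wording in the JSON source and regenerate rather than editing the HTML. Two smaller wording points in the intro paragraph: "threat intelligence sharing platform like MISP" should be plural ("platforms"), and "to share earlier than later" reads better as "to share sooner rather than later".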
@ -11495,50 +11590,6 @@ stealth_malware namespace available in JSON format at <a href="https://github.co
</div>
</div>
<div class="sect1">
<h2 id="_stealth_malware_2">stealth_malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
stealth_malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/stealth_malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_type_4">type</h3>
<div class="sect3">
<h4 id="_stealth_malware_type_0_2">stealth_malware:type="0"</h4>
<div class="paragraph">
<p>No OS or system compromise. The malware runs as a normal user process using only official API calls.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_i_2">stealth_malware:type="I"</h4>
<div class="paragraph">
<p>The malware modifies constant sections of the kernel and/or processes such as code sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_ii_2">stealth_malware:type="II"</h4>
<div class="paragraph">
<p>The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_iii_2">stealth_malware:type="III"</h4>
<div class="paragraph">
<p>The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stix_ttp">stix-ttp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
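Review bot: the removed block is a second rendering of the stealth_malware namespace (the `_stealth_malware_2`, `_type_4` and `_stealth_malware_type_*_2` id suffixes are the generator's de-duplicated ids for a section emitted twice, and the hunk's leading context shows the first copy is still in place), so removing it is right; the likely root cause is the taxonomy being fed to the generator twice, and unless that is fixed in the build input the duplicate will come back on the next regeneration. Also confirm nothing else links to the `_stealth_malware_2` or `_stealth_malware_type_*_2` anchors before merging.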
@ -17904,7 +17955,7 @@ vocabulaire-des-probabilites-estimatives namespace available in JSON format at <
</div>
<div id="footer">
<div id="footer-text">
Last updated 2017-08-16 12:09:58 CEST
Last updated 2017-10-02 12:08:38 CEST
</div>
</div>
</body>

taxonomies.pdf Normal file → Executable file

File diff suppressed because it is too large