From 1d9f59eb2d21c2e3c8927914e025257f65002bc1 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Sat, 13 May 2023 08:43:21 +0200
Subject: [PATCH] chg: [attck4fraud] more manual updates with E.A.S.T. data
---
 clusters/attck4fraud.json | 39 ++++++++++++++++++++++++++++++++++++---
 galaxies/attck4fraud.json | 5 +++--
 2 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/clusters/attck4fraud.json b/clusters/attck4fraud.json
index 56118d5..3de0669 100644
--- a/clusters/attck4fraud.json
+++ b/clusters/attck4fraud.json
@@ -51,7 +51,10 @@
 "https://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508",
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
 ],
- "victim": "end customer, enterprise"
+ "victim": "end customer, enterprise",
+ "synonyms": [
+ "Spear-phishing"
+ ]
 },
 "uuid": "41f7cfc1-51ed-4a8d-aba9-34f9c6b8388b",
 "value": "Spear phishing"
@@ -83,6 +86,9 @@
 "https://blog.dieboldnixdorf.com/have-you-asked-yourself-this-question-about-skimming/",
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
 ],
+ "synonyms": [
+ "Skimming - CPP ATM"
+ ],
 "victim": "end customer, enterprise"
 },
 "uuid": "0e45e11c-9c24-49a2-b1fe-5d78a235844b",
@@ -97,6 +103,9 @@
 "refs": [
 "https://medium.com/@netsentries/beware-of-atm-cash-trapping-9421e498dfcf",
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
+ ],
+ "synonyms": [
+ "Cash Trapping"
 ]
 },
 "uuid": "1e709b6e-ff4a-4645-adec-42f9636d38f8",
@@ -147,6 +156,9 @@
 ],
 "refs": [
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
+ ],
+ "synonyms": [
+ "Skimming - CPP POS"
 ]
 },
 "uuid": "c33778e5-b5cc-4d12-8e4e-a329156d988c",
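Review bot: The new `synonyms` key is placed differently from entry to entry: after `victim` in the -51 hunk, before `victim` in the -83 hunk, after `refs` in the -97 and -147 hunks (and the -193, -229 and -262 hunks), and before `refs` in both entries of the -298 hunk. Parsers do not care, but a stable key order inside `meta` keeps later diffs of this file small and makes a missing or duplicated key easier to spot in review. I would keep one order throughout, for example `"refs": [...], "synonyms": [...], "victim": "..."`, and move `synonyms` in the -51 and -298 hunks accordingly.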
@@ -193,6 +205,9 @@
 ],
 "refs": [
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
+ ],
+ "synonyms": [
+ "Black Box Attack"
 ]
 },
 "uuid": "6bec22cb-9aed-426a-bffc-b0a78db6527a",
@@ -229,6 +244,9 @@
 ],
 "refs": [
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
+ ],
+ "synonyms": [
+ "Romance Fraud"
 ]
 },
 "uuid": "8ac64815-52c0-4d14-a4e4-4a19b2a6057d",
@@ -262,6 +280,9 @@
 ],
 "refs": [
 "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
+ ],
+ "synonyms": [
+ "Invoice Fraud"
 ]
 },
 "uuid": "a0f764d1-b541-4ee7-bb30-21b9a735f644",
@@ -298,20 +319,32 @@
 "value": "CxO Fraud"
 },
 {
- "description": "Compromised Payment Cards",
+ "description": "The loss of or theft of a card, which is subsequently used for illegal purposes until blocked by the card issuer.",
 "meta": {
 "kill_chain": [
 "fraud-tactics:Obtain Fraudulent Assets"
+ ],
+ "synonyms": [
+ "Lost/Stolen Card"
+ ],
+ "refs": [
+ "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
 ]
 },
 "uuid": "d46e397f-8957-41f1-8736-13400b9e82fc",
 "value": "Compromised Payment Cards"
 },
 {
- "description": "Compromised Account Credentials",
+ "description": "Account takeover fraud is a form of identity theft in which the fraudster gets access to a victim's bank or credit card accounts -- through a data breach, malware or phishing -- and uses them to make unauthorised transaction.",
 "meta": {
 "kill_chain": [
 "fraud-tactics:Obtain Fraudulent Assets"
+ ],
+ "synonyms": [
+ "Account Takeover Fraud"
+ ],
+ "refs": [
+ "https://www.association-secure-transactions.eu/industry-information/fraud-definitions/"
 ]
 },
 "uuid": "7d71e71c-502f-412a-8fc7-584de8a9d203",
diff --git a/galaxies/attck4fraud.json b/galaxies/attck4fraud.json
index a4aad0f..dd21acc 100644
--- a/galaxies/attck4fraud.json
+++ b/galaxies/attck4fraud.json
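Review bot: In the -298 hunk the entry keeps the value `Compromised Payment Cards`, but its new description defines only a lost or stolen card, so card data obtained through skimming or a breach no longer matches the text an analyst reads when picking this tag. The same narrowing affects `Compromised Account Credentials`, whose description now defines account takeover fraud, that is the use of the credentials rather than their compromise. I would keep a general opening sentence and append the E.A.S.T. definition, for example `"description": "Payment cards or card data obtained by a fraudster, including the loss or theft of a card which is subsequently used for illegal purposes until blocked by the card issuer."`. The second description also ends in `unauthorised transaction`, which should read `unauthorised transactions`.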
@@ -8,12 +8,13 @@
 "Perform Fraud",
 "Obtain Fraudulent Assets",
 "Assets Transfer",
- "Monetisation"
+ "Monetisation",
+ "Due Diligence"
 ]
 },
 "name": "attck4fraud",
 "namespace": "misp",
 "type": "financial-fraud",
 "uuid": "cc0c8ae9-aec2-42c6-9939-f4f82b051836",
- "version": 1
+ "version": 2
 }
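Review bot: `version` goes to 2 here in galaxies/attck4fraud.json, but no hunk against clusters/attck4fraud.json touches a version field, although that file carries all the new synonyms, refs and descriptions. If the cluster file has its own top-level `version` (it lies outside the visible hunks), consumers that decide whether to re-import by comparing that number would likely keep the old entries, so it should be bumped in the same commit. Separately, no cluster entry in this patch uses `fraud-tactics:Due Diligence`, so the new phase stays empty until entries are tagged with it.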