diff --git a/vocabularies/common/ttp-category.json b/vocabularies/common/ttp-category.json
index 438eef1..b46922f 100644
--- a/vocabularies/common/ttp-category.json
+++ b/vocabularies/common/ttp-category.json
@@ -1,37 +1,47 @@
 {
 "values": [
 {
+ "description": "Cover vulnerabilities exploit (0day, 1day, nday), exploit kit",
 "value": "Exploits"
 },
 {
+ "description": "Deep-Dark Web forum, marketplace, hosting, etc",
 "value": "Infrastructure"
 },
 {
+ "description": "Malware family",
 "value": "Malware"
 },
 {
+ "description": "Legitimate SW or HW repurposed for malicious use",
 "value": "Tools"
 },
 {
+ "description": "Does not belong to any of the other category",
 "value": "Other"
 },
 {
+ "description": "Undetermined category",
 "value": "Unknown"
 },
 {
+ "description": "Specific attack patterns (specific to a technology, to an author, not widely used, etc)",
 "value": "Attack Patterns (S)"
 },
 {
+ "description": "Generic attack pattern, mehod, technique",
 "value": "Attack Patterns (G)"
 },
 {
+ "description": "Non-technical description of threat actor activities (information war, destruction, hybrid, etc)",
 "value": "Tactic"
 },
 {
+ "description": "Asset being targeted (MacOS, Android, ICS, IoT, Cryptocurrency, ect)",
 "value": "Targeting"
 }
 ],
- "version" : 1,
+ "version" : 2,
 "description": "ttp category vocab as defined by Cert EU.",
 "source": "Cert EU",
 "author": ["Cert EU"],
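Review bot: Three of the added description strings carry wording slips that will be shipped verbatim to whatever renders this vocabulary: `mehod` in the "Attack Patterns (G)" entry, `ect` in the "Targeting" entry, and "any of the other category" in the "Other" entry. I would change them to `"description": "Generic attack pattern, method, technique",`, `"description": "Asset being targeted (MacOS, Android, ICS, IoT, Cryptocurrency, etc)",` and `"description": "Does not belong to any of the other categories",`. Analysts presumably pick a TTP category from these descriptions, so the text is worth getting right in the same commit that bumps `"version"` to 2, rather than needing another version bump for a spelling fix. The object continues past the `"author"` line, outside this hunk.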