mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
Merge branch 'master' into master
This commit is contained in:
commit
7e18f2e509
4 changed files with 328 additions and 0 deletions
|
@ -51,6 +51,7 @@ to localized information (which is not shared) or additional information (that c
|
|||
|
||||
- [clusters/sectors.json](clusters/sectors.json) - Activity sectors
|
||||
- [clusters/cert-eu-govsector.json](clusters/cert-eu-govsector.json) - Cert EU GovSector
|
||||
- [clusters/social-dark-patterns.json](clusters/social-dark-patterns.json) - Social Engineering - Dark Patterns
|
||||
|
||||
# Available Vocabularies
|
||||
|
||||
|
|
292
clusters/social-dark-patterns.json
Normal file
292
clusters/social-dark-patterns.json
Normal file
|
@ -0,0 +1,292 @@
|
|||
{
|
||||
"authors": [
|
||||
"Jean-Louis Huynen"
|
||||
],
|
||||
"category": "dark-patterns",
|
||||
"description": "Dark Patterns are user interface that tricks users into making decisions that benefit the interface's holder to the expense of the user.",
|
||||
"name": "Dark Patterns",
|
||||
"source": "CIRCL",
|
||||
"type": "social-dark-patterns",
|
||||
"uuid": "61397bd8-0cc3-487e-b887-6212ca5b24d3",
|
||||
"values": [
|
||||
{
|
||||
"description": "Repeated requests to do something the firms prefer",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Nagging"
|
||||
],
|
||||
"refs": [
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "1187c11d-7506-4d7d-95a2-a55d9dfe3618",
|
||||
"value": "Nagging"
|
||||
},
|
||||
{
|
||||
"description": "Misleading notice about other consumers' actions",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Social Proof"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "349f3f22-2f5c-4cba-903f-6c9db2c73d9b",
|
||||
"value": "Activity Messages"
|
||||
},
|
||||
{
|
||||
"description": "Misleading statements from customers",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Social Proof"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "ffe91c0a-1aa7-450d-9c2e-28a0292ea513",
|
||||
"value": "Testimonials"
|
||||
},
|
||||
{
|
||||
"description": "Asymmetry between signing up and canceling",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Obstruction"
|
||||
],
|
||||
"refs": [
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "9175e2d8-80bc-4d72-bc28-d5502c47e2ed",
|
||||
"value": "Roach Motel"
|
||||
},
|
||||
{
|
||||
"description": "Frustrates comparison shopping",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Obstruction"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.darkpatterns.org/",
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "0303d7fa-eb2a-417d-ae79-2d5ff4f8b992",
|
||||
"value": "Price Comparison Prevention"
|
||||
},
|
||||
{
|
||||
"description": "Purchases in virtual currency to obscure cost",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Obstruction"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.darkpatterns.org/",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "9f0c9e89-75ab-4b6b-981e-ae8161c0d3e3",
|
||||
"value": "Intermediate Currency"
|
||||
},
|
||||
{
|
||||
"description": "Item consumer did not add is in cart",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Sneaking"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.darkpatterns.org/",
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "c4ae0bb6-cd07-46f5-b2c5-ec2df04e5484",
|
||||
"value": "Sneak into Basket"
|
||||
},
|
||||
{
|
||||
"description": "Costs obscured / disclosed late in transaction",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Sneaking"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.darkpatterns.org/",
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "b2e1e74b-a740-4f8c-b8f4-6822ee7d197d",
|
||||
"value": "Hidden Costs"
|
||||
},
|
||||
{
|
||||
"description": "Unanticipated / undesired automatic renewal",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Sneaking"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.darkpatterns.org/",
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "fbd42a71-0adb-4fb4-a2f7-47c8113d5cab",
|
||||
"value": "Hidden subscription / forced continuity"
|
||||
},
|
||||
{
|
||||
"description": "Customer sold something other than what's originally advertised",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Sneaking"
|
||||
],
|
||||
"refs": [
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "92d3a49e-6443-4dbf-a82a-fbc6e7cb1130",
|
||||
"value": "Bait & Switch"
|
||||
},
|
||||
{
|
||||
"description": "Important information visually obscured",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "339df582-ff4d-4d62-9815-58e06014ba8f",
|
||||
"value": "Hidden information / aesthetic manipulation / false hierarchy"
|
||||
},
|
||||
{
|
||||
"description": "Firm-friendly default is preselected",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://petsymposium.org/2016/files/papers/Tales_from_the_Dark_Side__Privacy_Dark_Strategies_and_Privacy_Dark_Patterns.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "c2e274a5-2629-42a5-8c72-fd841f26c819",
|
||||
"value": "Preselection"
|
||||
},
|
||||
{
|
||||
"description": "Emotionally manipulative framing",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "9ca69b66-3497-473e-a0fd-44ff05f20703",
|
||||
"value": "Toying with emotion"
|
||||
},
|
||||
{
|
||||
"description": "Intentional or obvious ambiguity",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "edf55230-f295-45d8-9be0-8ceb201154d6",
|
||||
"value": "Trick questions"
|
||||
},
|
||||
{
|
||||
"description": "Consumer induced to click on something that isn’t apparent ad",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://dl.acm.org/citation.cfm?id=3174108",
|
||||
"https://www.darkpatterns.org/types-of-dark-pattern",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "e19cbaaf-0f6d-4607-aff6-0608d361efdf",
|
||||
"value": "Disguised Ad"
|
||||
},
|
||||
{
|
||||
"description": "Choice framed in way that seems dishonest / stupid",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Interface Interference"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://www.darkpatterns.org/types-of-dark-pattern",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "45259adf-e499-42f6-9813-c16a6606b467",
|
||||
"value": "Confirmshaming"
|
||||
},
|
||||
{
|
||||
"description": "Consumer tricked into thinking registration necessary",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Forced Action"
|
||||
],
|
||||
"refs": [
|
||||
"https://petsymposium.org/2016/files/papers/Tales_from_the_Dark_Side__Privacy_Dark_Strategies_and_Privacy_Dark_Patterns.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "6cb4c01c-9edc-40fb-8744-ac866f64c695",
|
||||
"value": "Forced Registration"
|
||||
},
|
||||
{
|
||||
"description": "Consumer falsely informed of limited quantities",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Urgency"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "e8fe07aa-83c1-44c5-9042-fb3449a5ab94",
|
||||
"value": "Low stock / high-demand message"
|
||||
},
|
||||
{
|
||||
"description": "Opportunity ends soon with blatant false visual cue",
|
||||
"meta": {
|
||||
"category": [
|
||||
"Urgency"
|
||||
],
|
||||
"refs": [
|
||||
"https://webtransparency.cs.princeton.edu/dark-patterns/assets/dark-patterns-v2.pdf",
|
||||
"https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3431205"
|
||||
]
|
||||
},
|
||||
"uuid": "bab8c47f-2f1d-47ba-ae53-9c2c49c0f520",
|
||||
"value": "Countdown timer / Limited time message"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
}
|
|
@ -7802,7 +7802,33 @@
|
|||
},
|
||||
"uuid": "200d04c8-a11f-45c4-86fd-35bb5de3f7a3",
|
||||
"value": "Calypso group"
|
||||
},
|
||||
{
|
||||
"description": "Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver and install backdoor malware. The actor initiated their campaigns impersonating the Bundeszentralamt fur Steuern, the German Federal Ministry of Finance, with lookalike domains, verbiage, and stolen branding in the emails. For their campaigns in Germany, the actor chose Cobalt Strike, a commercially licensed software tool that is generally used for penetration testing and emulates the type of backdoor framework used by Metasploit, a similar penetration testing tool. Proofpoint researchers have also observed this actor distributing Maze ransomware, employing similar social engineering techniques to those it uses for Cobalt Strike, while also targeting organizations in Italy and impersonating the Agenzia Delle Entrate, the Italian Revenue Agency. We have also recently observed the actor targeting organizations in the United States using the IcedID banking Trojan while impersonating the United States Postal Service (USPS).",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us"
|
||||
]
|
||||
},
|
||||
"uuid": "39925aa0-c7bf-4b9b-97d6-7d600329453d",
|
||||
"value": "TA2101"
|
||||
},
|
||||
{
|
||||
"description": "As reported by ZDNet, Chinese cyber-security vendor Qihoo 360 published a report on 2019-11-29 exposing an extensive hacking operation targeting the country of Kazakhstan. Targets included individuals and organizations involving all walks of life, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, government dissidents, and foreign diplomats alike. The campaign, Qihoo 360 said, was broad, and appears to have been carried by a threat actor with considerable resources, and one who had the ability to develop their private hacking tools, buy expensive spyware off the surveillance market, and even invest in radio communications interception hardware.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html",
|
||||
"https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Golden Falcon"
|
||||
]
|
||||
},
|
||||
"uuid": "feb0cfef-0472-4108-83d7-1a322d8ab86b",
|
||||
"value": "APT-C-34"
|
||||
}
|
||||
],
|
||||
|
||||
"version": 144
|
||||
"version": 146
|
||||
}
|
||||
|
|
9
galaxies/social-dark-patterns.json
Normal file
9
galaxies/social-dark-patterns.json
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"description": "Social Engineering - Dark Patterns",
|
||||
"icon": "link",
|
||||
"name": "Dark Patterns",
|
||||
"namespace": "misp",
|
||||
"type": "social-dark-patterns",
|
||||
"uuid": "41c42956-972e-4eef-a3e3-ef3ea35ff1f8",
|
||||
"version": 1
|
||||
}
|
Loading…
Reference in a new issue