From ddccac58c82a4f4e57958a146ee50beec45555df Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Fri, 19 Oct 2018 10:18:14 +0200 Subject: [PATCH 1/2] chg: categorization of galaxies This allows relationships to be created. --- clusters/android.json | 1 + clusters/backdoor.json | 1 + clusters/banker.json | 1 + clusters/botnet.json | 1 + clusters/exploit-kit.json | 1 + clusters/malpedia.json | 1 + clusters/microsoft-activity-group.json | 1 + clusters/mitre-enterprise-attack-intrusion-set.json | 1 + clusters/mitre-enterprise-attack-malware.json | 1 + clusters/mitre-enterprise-attack-tool.json | 1 + clusters/mitre-intrusion-set.json | 1 + clusters/mitre-malware.json | 1 + clusters/mitre-mobile-attack-intrusion-set.json | 1 + clusters/mitre-mobile-attack-malware.json | 1 + clusters/mitre-mobile-attack-tool.json | 1 + clusters/mitre-pre-attack-intrusion-set.json | 1 + clusters/mitre-tool.json | 1 + clusters/ransomware.json | 1 + clusters/rat.json | 1 + clusters/stealer.json | 1 + clusters/tds.json | 1 + clusters/threat-actor.json | 1 + clusters/tool.json | 1 + schema_clusters.json | 3 +++ 24 files changed, 26 insertions(+)
diff --git a/clusters/android.json b/clusters/android.json
index c84eeae..cf3d24c 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -6,6 +6,7 @@
 "name": "Android",
 "source": "Open Sources",
 "type": "android",
+ "category": "tool",
 "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
 "values": [
 {
diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index a50acdd..9ec8af7 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -6,6 +6,7 @@
 "name": "Backdoor",
 "source": "Open Sources",
 "type": "backdoor",
+ "category": "tool",
 "uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
 "values": [
 {
diff --git a/clusters/banker.json b/clusters/banker.json
index 0937e4f..d179bfe 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -7,6 +7,7 @@
 "name": "Banker",
 "source": "Open Sources",
 "type": "banker",
+ "category": "tool",
 "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
 "values": [
 {
diff --git a/clusters/botnet.json b/clusters/botnet.json
index e7d9206..bef45cf 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -6,6 +6,7 @@
 "name": "Botnet",
 "source": "MISP Project",
 "type": "botnet",
+ "category": "tool",
 "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
 "values": [
 {
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index dc5cd8c..948e801 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -8,6 +8,7 @@
 "name": "Exploit-Kit",
 "source": "MISP Project",
 "type": "exploit-kit",
+ "category": "tool",
 "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 721cca0..d06dd07 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -9,6 +9,7 @@
 "name": "Malpedia",
 "source": "Malpedia",
 "type": "malpedia",
+ "category": "tool",
 "uuid": "5fc98d08-90a4-498a-ad2e-0edf50ef374e",
 "values": [
 {
diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index e8f7c7f..d4f1d1f 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -6,6 +6,7 @@
 "name": "Microsoft Activity Group actor",
 "source": "MISP Project",
 "type": "microsoft-activity-group",
+ "category": "actor",
 "uuid": "28b5e55d-acba-4748-a79d-0afa3512689a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json
index b256c4b..a5b24f0 100644
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@@ -6,6 +6,7 @@
 "name": "Enterprise Attack -intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-intrusion-set",
+ "category": "actor",
 "uuid": "01f18402-1708-11e8-ac1c-1ffb3c4a7775",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json
index 1306a7d..f79c6b0 100644
--- a/clusters/mitre-enterprise-attack-malware.json
+++ b/clusters/mitre-enterprise-attack-malware.json
@@ -6,6 +6,7 @@
 "name": "Enterprise Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-malware",
+ "category": "tool",
 "uuid": "fbd79f02-1707-11e8-b1c7-87406102276a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json
index e14a2d3..3cc3e2c 100644
--- a/clusters/mitre-enterprise-attack-tool.json
+++ b/clusters/mitre-enterprise-attack-tool.json
@@ -6,6 +6,7 @@
 "name": "Enterprise Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-tool",
+ "category": "tool",
 "uuid": "fc1ea6e0-1707-11e8-ac05-2b70d00c354e",
 "values": [
 {
diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json
index c71799d..a768440 100644
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@@ -6,6 +6,7 @@
 "name": "intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-intrusion-set",
+ "category": "actor",
 "uuid": "10df003c-7831-11e7-bdb9-971cdd1218df",
 "values": [
 {
diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json
index 3a5e96e..10f1bac 100644
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@@ -6,6 +6,7 @@
 "name": "Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-malware",
+ "category": "tool",
 "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json
index 2d563f4..5a2dee4 100644
--- a/clusters/mitre-mobile-attack-intrusion-set.json
+++ b/clusters/mitre-mobile-attack-intrusion-set.json
@@ -6,6 +6,7 @@
 "name": "Mobile Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-intrusion-set",
+ "category": "actor",
 "uuid": "02ab4018-1708-11e8-8f9d-e735aabdfa53",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json
index 11befb3..5b3637d 100644
--- a/clusters/mitre-mobile-attack-malware.json
+++ b/clusters/mitre-mobile-attack-malware.json
@@ -6,6 +6,7 @@
 "name": "Mobile Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-malware",
+ "category": "tool",
 "uuid": "04a165aa-1708-11e8-b2da-c7d7625f4a4f",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json
index 848eaa4..6ba33c6 100644
--- a/clusters/mitre-mobile-attack-tool.json
+++ b/clusters/mitre-mobile-attack-tool.json
@@ -6,6 +6,7 @@
 "name": "Mobile Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-tool",
+ "category": "tool",
 "uuid": "02cee87e-1708-11e8-8f15-8b33e4d6194b",
 "values": [
 {
diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json
index da45a89..897c4bf 100644
--- a/clusters/mitre-pre-attack-intrusion-set.json
+++ b/clusters/mitre-pre-attack-intrusion-set.json
@@ -6,6 +6,7 @@
 "name": "Pre Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-pre-attack-intrusion-set",
+ "category": "actor",
 "uuid": "1fdc8fa2-1708-11e8-99a3-67b4efc13c4f",
 "values": [
 {
diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json
index aed7bb1..4213cbf 100644
--- a/clusters/mitre-tool.json
+++ b/clusters/mitre-tool.json
@@ -6,6 +6,7 @@
 "name": "Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-tool",
+ "category": "tool",
 "uuid": "d700dc5c-78f6-11e7-a476-5f748c8e4fe0",
 "values": [
 {
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index e30837d..1ffab00 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -7,6 +7,7 @@
 "name": "Ransomware",
 "source": "Various",
 "type": "ransomware",
+ "category": "tool",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "values": [
 {
diff --git a/clusters/rat.json b/clusters/rat.json
index fa74895..8848fe1 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -7,6 +7,7 @@
 "name": "RAT",
 "source": "MISP Project",
 "type": "rat",
+ "category": "tool",
 "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
 "values": [
 {
diff --git a/clusters/stealer.json b/clusters/stealer.json
index 7af58a1..95f7394 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -6,6 +6,7 @@
 "name": "Stealer",
 "source": "Open Sources",
 "type": "stealer",
+ "category": "tool",
 "uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
 "values": [
 {
diff --git a/clusters/tds.json b/clusters/tds.json
index ec09cf0..57f60b8 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -6,6 +6,7 @@
 "name": "TDS",
 "source": "MISP Project",
 "type": "tds",
+ "category": "tool",
 "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index db1a795..56f3069 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10,6 +10,7 @@
 "name": "Threat actor",
 "source": "MISP Project",
 "type": "threat-actor",
+ "category": "actor",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
 "values": [
 {
diff --git a/clusters/tool.json b/clusters/tool.json
index 1465e42..15f20f6 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -11,6 +11,7 @@
 "name": "Tool",
 "source": "MISP Project",
 "type": "tool",
+ "category": "tool",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "values": [
 {
diff --git a/schema_clusters.json b/schema_clusters.json
index 1968d6b..36f22c3 100644
--- a/schema_clusters.json
+++ b/schema_clusters.json
@@ -23,6 +23,9 @@
 "source": {
 "type": "string"
 },
+ "category": {
+ "type": "string"
+ },
 "values": {
 "type": "array",
 "uniqueItems": true,
From 9dddc4427cd7e9489a55e9b9e4fa6894b200a26e Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Fri, 19 Oct 2018 10:23:09 +0200 Subject: [PATCH 2/2] jq --- clusters/android.json | 2 +- clusters/backdoor.json | 2 +- clusters/banker.json | 2 +- clusters/botnet.json | 2 +- clusters/exploit-kit.json | 2 +- clusters/malpedia.json | 2 +- clusters/microsoft-activity-group.json | 2 +- clusters/mitre-enterprise-attack-intrusion-set.json | 2 +- clusters/mitre-enterprise-attack-malware.json | 2 +- clusters/mitre-enterprise-attack-tool.json | 2 +- clusters/mitre-intrusion-set.json | 2 +- clusters/mitre-malware.json | 2 +- clusters/mitre-mobile-attack-intrusion-set.json | 2 +- clusters/mitre-mobile-attack-malware.json | 2 +- clusters/mitre-mobile-attack-tool.json | 2 +- clusters/mitre-pre-attack-intrusion-set.json | 2 +- clusters/mitre-tool.json | 2 +- clusters/ransomware.json | 2 +- clusters/rat.json | 2 +- clusters/stealer.json | 2 +- clusters/tds.json | 2 +- clusters/threat-actor.json | 2 +- clusters/tool.json | 2 +- schema_clusters.json | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/clusters/android.json b/clusters/android.json
index cf3d24c..22d4903 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -2,11 +2,11 @@
 "authors": [
 "Unknown"
 ],
+ "category": "tool",
 "description": "Android malware galaxy based on multiple open sources.",
 "name": "Android",
 "source": "Open Sources",
 "type": "android",
- "category": "tool",
 "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
 "values": [
 {
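Review bot: In the schema_clusters.json hunk of patch 1/2, the new `category` property accepts any string, although every cluster file touched by this series sets it to either `"tool"` or `"actor"`. The commit message says the field exists so that relationships can be created, so a misspelled or unexpected value would presumably pass validation and quietly misclassify a galaxy in downstream threat-intelligence correlation. If those two are the only intended values, constrain the property, for example `"category": { "type": "string", "enum": ["actor", "tool"] }`, so the error is caught at validation time. The schema's `required` list lies outside the hunk, so it is not visible whether `category` is mandatory; if clusters without it should be rejected, it needs to be added there as well.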
diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index 9ec8af7..8518a70 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -2,11 +2,11 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of backdoor malware.",
 "name": "Backdoor",
 "source": "Open Sources",
 "type": "backdoor",
- "category": "tool",
 "uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
 "values": [
 {
diff --git a/clusters/banker.json b/clusters/banker.json
index d179bfe..06dc418 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -3,11 +3,11 @@
 "Unknown",
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of banker malware.",
 "name": "Banker",
 "source": "Open Sources",
 "type": "banker",
- "category": "tool",
 "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
 "values": [
 {
diff --git a/clusters/botnet.json b/clusters/botnet.json
index bef45cf..c3ad3ad 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -2,11 +2,11 @@
 "authors": [
 "Various"
 ],
+ "category": "tool",
 "description": "botnet galaxy",
 "name": "Botnet",
 "source": "MISP Project",
 "type": "botnet",
- "category": "tool",
 "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
 "values": [
 {
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 948e801..3061344 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -4,11 +4,11 @@
 "Will Metcalf",
 "KahuSecurity"
 ],
+ "category": "tool",
 "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
 "name": "Exploit-Kit",
 "source": "MISP Project",
 "type": "exploit-kit",
- "category": "tool",
 "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 118944b..d5fda06 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -5,11 +5,11 @@
 "Andrea Garavaglia",
 "Davide Arcuri"
 ],
+ "category": "tool",
 "description": "Malware galaxy cluster based on Malpedia.",
 "name": "Malpedia",
 "source": "Malpedia",
 "type": "malpedia",
- "category": "tool",
 "uuid": "5fc98d08-90a4-498a-ad2e-0edf50ef374e",
 "values": [
 {
diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index d4f1d1f..8538392 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -2,11 +2,11 @@
 "authors": [
 "Various"
 ],
+ "category": "actor",
 "description": "Activity groups as described by Microsoft",
 "name": "Microsoft Activity Group actor",
 "source": "MISP Project",
 "type": "microsoft-activity-group",
- "category": "actor",
 "uuid": "28b5e55d-acba-4748-a79d-0afa3512689a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json
index a5b24f0..5c206c3 100644
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Enterprise Attack -intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-intrusion-set",
- "category": "actor",
 "uuid": "01f18402-1708-11e8-ac1c-1ffb3c4a7775",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json
index f79c6b0..1158410 100644
--- a/clusters/mitre-enterprise-attack-malware.json
+++ b/clusters/mitre-enterprise-attack-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-malware",
- "category": "tool",
 "uuid": "fbd79f02-1707-11e8-b1c7-87406102276a",
 "values": [
 {
diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json
index 3cc3e2c..7ae49b3 100644
--- a/clusters/mitre-enterprise-attack-tool.json
+++ b/clusters/mitre-enterprise-attack-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-enterprise-attack-tool",
- "category": "tool",
 "uuid": "fc1ea6e0-1707-11e8-ac05-2b70d00c354e",
 "values": [
 {
diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json
index a768440..90c558a 100644
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-intrusion-set",
- "category": "actor",
 "uuid": "10df003c-7831-11e7-bdb9-971cdd1218df",
 "values": [
 {
diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json
index 10f1bac..71863f4 100644
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-malware",
- "category": "tool",
 "uuid": "d752161c-78f6-11e7-a0ea-bfa79b407ce4",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json
index 5a2dee4..4f52b18 100644
--- a/clusters/mitre-mobile-attack-intrusion-set.json
+++ b/clusters/mitre-mobile-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Mobile Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-intrusion-set",
- "category": "actor",
 "uuid": "02ab4018-1708-11e8-8f9d-e735aabdfa53",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json
index 5b3637d..d78f394 100644
--- a/clusters/mitre-mobile-attack-malware.json
+++ b/clusters/mitre-mobile-attack-malware.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Malware",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-malware",
- "category": "tool",
 "uuid": "04a165aa-1708-11e8-b2da-c7d7625f4a4f",
 "values": [
 {
diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json
index 6ba33c6..6805907 100644
--- a/clusters/mitre-mobile-attack-tool.json
+++ b/clusters/mitre-mobile-attack-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-mobile-attack-tool",
- "category": "tool",
 "uuid": "02cee87e-1708-11e8-8f15-8b33e4d6194b",
 "values": [
 {
diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json
index 897c4bf..94ed408 100644
--- a/clusters/mitre-pre-attack-intrusion-set.json
+++ b/clusters/mitre-pre-attack-intrusion-set.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Pre Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-pre-attack-intrusion-set",
- "category": "actor",
 "uuid": "1fdc8fa2-1708-11e8-99a3-67b4efc13c4f",
 "values": [
 {
diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json
index 4213cbf..f428d0d 100644
--- a/clusters/mitre-tool.json
+++ b/clusters/mitre-tool.json
@@ -2,11 +2,11 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Tool",
 "source": "https://github.com/mitre/cti",
 "type": "mitre-tool",
- "category": "tool",
 "uuid": "d700dc5c-78f6-11e7-a476-5f748c8e4fe0",
 "values": [
 {
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1ffab00..a44901d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3,11 +3,11 @@
 "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
 "http://pastebin.com/raw/GHgpWjar"
 ],
+ "category": "tool",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
 "name": "Ransomware",
 "source": "Various",
 "type": "ransomware",
- "category": "tool",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "values": [
 {
diff --git a/clusters/rat.json b/clusters/rat.json
index 8848fe1..1612b6e 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3,11 +3,11 @@
 "Various",
 "raw-data"
 ],
+ "category": "tool",
 "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
 "name": "RAT",
 "source": "MISP Project",
 "type": "rat",
- "category": "tool",
 "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
 "values": [
 {
diff --git a/clusters/stealer.json b/clusters/stealer.json
index 95f7394..c54d6c9 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -2,11 +2,11 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of malware stealer.",
 "name": "Stealer",
 "source": "Open Sources",
 "type": "stealer",
- "category": "tool",
 "uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
 "values": [
 {
diff --git a/clusters/tds.json b/clusters/tds.json
index 57f60b8..5865325 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -2,11 +2,11 @@
 "authors": [
 "Kafeine"
 ],
+ "category": "tool",
 "description": "TDS is a list of Traffic Direction System used by adversaries",
 "name": "TDS",
 "source": "MISP Project",
 "type": "tds",
- "category": "tool",
 "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
 "values": [
 {
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 56f3069..d53e757 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6,11 +6,11 @@
 "Timo Steffens",
 "Various"
 ],
+ "category": "actor",
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "name": "Threat actor",
 "source": "MISP Project",
 "type": "threat-actor",
- "category": "actor",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
 "values": [
 {
diff --git a/clusters/tool.json b/clusters/tool.json
index 15f20f6..3527545 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7,11 +7,11 @@
 "Dennis Rand",
 "raw-data"
 ],
+ "category": "tool",
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "name": "Tool",
 "source": "MISP Project",
 "type": "tool",
- "category": "tool",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "values": [
 {
diff --git a/schema_clusters.json b/schema_clusters.json
index 36f22c3..4cf095b 100644
--- a/schema_clusters.json
+++ b/schema_clusters.json
@@ -25,7 +25,7 @@
 },
 "category": {
 "type": "string"
- },
+ },
 "values": {
 "type": "array",
 "uniqueItems": true,