{
  "values": [
    {
      "value": "Android Trojan"
    },
    {
      "value": "Backdoor"
    },
    {
      "value": "Banking Trojan"
    },
    {
      "value": "Bot"
    },
    {
      "value": "DDoS malware"
    },
    {
      "value": "Espionage malware"
    },
    {
      "value": "Exploit kit"
    },
    {
      "value": "Keylogger"
    },
    {
      "value": "Mac Backdoor"
    },
    {
      "value": "Mac Trojan"
    },
    {
      "value": "Malware site"
    },
    {
      "value": "RAT"
    },
    {
      "value": "Rootkit"
    },
    {
      "value": "SQLI malware"
    },
    {
      "value": "Toolkit"
    },
    {
      "value": "Trojan"
    },
    {
      "value": "Other"
    },
    {
      "value": "Unknown"
    },
    {
      "value": "Ransomware"
    },
    {
      "value": "Dark Net Market"
    },
    {
      "value": "Destructive"
    },
    {
      "value": "Forums"
    },
    {
      "value": "Domain Registration"
    },
    {
      "value": "POS malware"
    },
    {
      "value": "Hosting"
    },
    {
      "value": "ICS"
    },
    {
      "value": "Android app"
    },
    {
      "value": "Privacy"
    },
    {
      "value": "Safe browsing"
    },
    {
      "value": "Safe internet search"
    },
    {
      "value": "Peer-to-peer"
    },
    {
      "value": "Crypto"
    },
    {
      "value": "Social media"
    },
    {
      "value": "Identity Theft"
    },
    {
      "value": "VPN"
    },
    {
      "value": "Speech recognition software"
    },
    {
      "value": "Encrypted email"
    },
    {
      "value": "Messaging"
    },
    {
      "value": "ATM malware"
    },
    {
      "value": "Network mapper"
    },
    {
      "value": "Pentest tool"
    },
    {
      "value": "Authentication bypass"
    },
    {
      "value": "Phishing infra"
    },
    {
      "value": "Dox and ransom"
    },
    {
      "value": "Hot patching"
    },
    {
      "value": "Arsenal"
    },
    {
      "value": "CVE"
    },
    {
      "value": "Fake website"
    },
    {
      "value": "Information stealer"
    },
    {
      "value": "DoS"
    },
    {
      "value": "Worm"
    },
    {
      "value": "Downloader"
    },
    {
      "value": "Loader"
    },
    {
      "value": "Infostealer"
    },
    {
      "value": "RF Signals Intercepter"
    },
    {
      "value": "Wireless Keystroke Logger"
    },
    {
      "value": "Recon tool"
    },
    {
      "value": "Website"
    },
    {
      "value": "Website recon"
    },
    {
      "value": "Malware features"
    },
    {
      "value": "URL shortener service"
    },
    {
      "value": "Information Warfare"
    },
    {
      "value": "Programming language"
    },
    {
      "value": "Port scanner"
    },
    {
      "value": "Installer"
    },
    {
      "value": "CMS exploitation"
    },
    {
      "value": "Remote execution tool"
    },
    {
      "value": "Service"
    },
    {
      "value": "Money miner"
    },
    {
      "value": "Remote administration tool"
    },
    {
      "value": "First-stage"
    },
    {
      "value": "Dropper"
    },
    {
      "value": "Virtual server penetration"
    },
    {
      "value": "Scripting language"
    },
    {
      "value": "Adware"
    },
    {
      "value": "Obfuscation technique"
    },
    {
      "value": "Drive-by attack"
    },
    {
      "value": "PLC worm"
    },
    {
      "value": "Blog"
    },
    {
      "value": "Account checker"
    },
    {
      "value": "Internet Control"
    },
    {
      "value": "C2"
    },
    {
      "value": "Scanning routers"
    },
    {
      "value": "Take over"
    },
    {
      "value": "Credit Card Fraud"
    },
    {
      "value": "DDoS Tool"
    },
    {
      "value": "IoT bot"
    },
    {
      "value": "Targeting"
    },
    {
      "value": "cryptocurrency"
    },
    {
      "value": "Anti-analysis"
    },
    {
      "value": "persistence"
    },
    {
      "value": "Anti-detection"
    },
    {
      "value": "Phishing-theme"
    },
    {
      "value": "OpSec"
    },
    {
      "value": "Automatic phone calls"
    },
    {
      "value": "Selling"
    },
    {
      "value": "Extortion"
    },
    {
      "value": "Watering hole"
    },
    {
      "value": "Sharing platform"
    },
    {
      "value": "Sideloading"
    },
    {"value": "Operating System"
    },
    {"value": "Sample"
    },
    {"value": "Buffer overflow"
    },
    {
      "value": "Online magazine"
    },
    {
      "value": "Spoofing"
    },
    {
      "value": "Ransomware-as-a-Service"
    },
    {
      "value": "Spambot"
    },
    {
      "value": "HTTP bot"
    },
    {
      "value": "Shop"
    },
    {
      "value": "Password recovery"
    },
    {
      "value": "Password manager"
    },
    {
      "value": "Certificate exploit"
    },
    {
      "value": "Mailer"
    },
    {
      "value": "Card"
    },
    {
      "value": "Powershell agent"
    },
    {
      "value": "Skimmer"
    },
    {
      "value": "Exploit"
    },
    {
      "value": "Medical device tampering"
    },
    {
      "value": "App store"
    },
    {
      "value": "Scareware"
    },
    {
      "value": "Payment platform"
    },
    {
      "value": "Man-in-the-middle"
    },
    {
      "value": "Switch ttack"
    },
    {
      "value": "Switch attack"
    },
    {
      "value": "Browser hijacker"
    },
    {
      "value": "Supply chain attack"
    },
    {
      "value": "Powershell scripts"
    },
    {
      "value": "Malicious iFrame injects"
    },
    {
      "value": "Dumps grabber"
    },
    {
      "value": "Exfiltration tool"
    },
    {
      "value": "Code injection"
    },
    {
      "value": "Mobile malware"
    },
    {
      "value": "Zero-Day"
    },
    {
      "value": "Multi-stage implant framework"
    },
    {
      "value": "Second-stage"
    },
    {
      "value": "IRC"
    },
    {
      "value": "Administration"
    },
    {
      "value": "XSS tool"
    },
    {
      "value": "Tracking program"
    },
    {
      "value": "HTTP loader"
    },
    {
      "value": "Spyware"
    },
    {
      "value": "Bitcoin stealer"
    },
    {
      "value": "Phone bot"
    },
    {
      "value": "Video editor"
    },
    {
      "value": "URL shortening service"
    },
    {
      "value": "Fraud"
    },
    {
      "value": "Spreading mechanisms"
    },
    {
      "value": "Android bot"
    },
    {
      "value": "Disinformation"
    },
    {
      "value": "Mineware"
    },
    {
      "value": "CWE"
    },
    {
      "value": "SCADA malware"
    },
    {
      "value": "Crypter"
    },
    {
      "value": "Phishing"
    },
    {
      "value": "Template injection"
    },
    {
      "value": "Credential stealer"
    },
    {
      "value": "Crypto currency exchange and trading platform"
    },
    {
      "value": "cryptocurrency mining malware"
    },
    {
      "value": "Card shop"
    },
    {
      "value": "Evasion"
    },
    {
      "value": "Browser"
    },
    {
      "value": "Wiper"
    },
    {
      "value": "cryptocurrency cloud mining"
    },
    {
      "value": "Distribution vector"
    },
    {
      "value": "Postscript Abuse"
    },
    {
      "value": "Bolware"
    },
    {
      "value": "Software"
    },
    {
      "value": "Proxy malware"
    }
  ],
  "version" : 1,
  "description": "ttp type vocab as defined by Cert EU.",
  "source": "Cert EU",
  "author": ["Cert EU"],
  "uuid": "55224678-b017-11e7-874d-971b517d8cba",
  "type": "ttp-type-vocabulary"
}