misp-galaxy/vocabularies/common/ttp-category.json
2017-10-27 10:46:49 +02:00

50 lines
1.4 KiB
JSON

{
"values": [
{
"description": "Cover vulnerabilities exploit (0day, 1day, nday), exploit kit",
"value": "Exploits"
},
{
"description": "Deep-Dark Web forum, marketplace, hosting, etc",
"value": "Infrastructure"
},
{
"description": "Malware family",
"value": "Malware"
},
{
"description": "Legitimate SW or HW repurposed for malicious use",
"value": "Tools"
},
{
"description": "Does not belong to any of the other category",
"value": "Other"
},
{
"description": "Undetermined category",
"value": "Unknown"
},
{
"description": "Specific attack patterns (specific to a technology, to an author, not widely used, etc)",
"value": "Attack Patterns (S)"
},
{
"description": "Generic attack pattern, mehod, technique",
"value": "Attack Patterns (G)"
},
{
"description": "Non-technical description of threat actor activities (information war, destruction, hybrid, etc)",
"value": "Tactic"
},
{
"description": "Asset being targeted (MacOS, Android, ICS, IoT, Cryptocurrency, ect)",
"value": "Targeting"
}
],
"version" : 2,
"description": "ttp category vocab as defined by Cert EU.",
"source": "Cert EU",
"author": ["Cert EU"],
"uuid": "54e405b6-b017-11e7-b2f7-df581d1a8587",
"type": "ttp-category-vocabulary"
}