misp-taxonomies/adversary/machinetag.json
{ | |
"namespace": "adversary", | |
"description": "An overview and description of the adversary infrastructure", | |
"version": 6, | |
"predicates": [ | |
{ | |
"value": "infrastructure-status", | |
"expanded": "Infrastructure Status" | |
}, | |
{ | |
"value": "infrastructure-action", | |
"expanded": "Infrastructure Action" | |
}, | |
{ | |
"value": "infrastructure-state", | |
"expanded": "Infrastructure State" | |
}, | |
{ | |
"value": "infrastructure-type", | |
"expanded": "Infrastructure Type" | |
} | |
], | |
"values": [ | |
{ | |
"predicate": "infrastructure-status", | |
"entry": [ | |
{ | |
"value": "unknown", | |
"expanded": "Infrastructure ownership and status is unknown" | |
}, | |
{ | |
"value": "compromised", | |
"expanded": "Infrastructure compromised by or for the benefit of the adversary" | |
}, | |
{ | |
"value": "own-and-operated", | |
"expanded": "Infrastructure owned and operated by the adversary" | |
} | |
] | |
}, | |
{ | |
"predicate": "infrastructure-action", | |
"entry": [ | |
{ | |
"value": "passive-only", | |
"expanded": "Only passive requests shall be performed to avoid detection by the adversary" | |
}, | |
{ | |
"value": "take-down", | |
"expanded": "Take down requests can be performed in order to deactivate the adversary infrastructure" | |
}, | |
{ | |
"value": "monitoring-active", | |
"expanded": "Monitoring requests are ongoing on the adversary infrastructure" | |
}, | |
{ | |
"value": "pending-law-enforcement-request", | |
"expanded": "Law enforcement requests are ongoing on the adversary infrastructure" | |
}, | |
{ | |
"value": "sinkholed", | |
"expanded": "Infrastructure of the adversary is sinkholed and information is collected" | |
} | |
] | |
}, | |
{ | |
"predicate": "infrastructure-state", | |
"entry": [ | |
{ | |
"value": "unknown", | |
"expanded": "Infrastructure state is unknown or cannot be evaluated" | |
}, | |
{ | |
"value": "active", | |
"expanded": "Infrastructure state is active and actively used by the adversary" | |
}, | |
{ | |
"value": "down", | |
"expanded": "Infrastructure state is known to be down" | |
} | |
] | |
}, | |
{ | |
"predicate": "infrastructure-type", | |
"entry": [ | |
{ | |
"value": "unknown", | |
"expanded": "Infrastructure usage by the adversary is unknown" | |
}, | |
{ | |
"value": "proxy", | |
"expanded": "Infrastructure used as proxy between the target and the adversary" | |
}, | |
{ | |
"value": "drop-zone", | |
"expanded": "Infrastructure used by the adversary to store information related to his campaigns" | |
}, | |
{ | |
"value": "exploit-distribution-point", | |
"expanded": "Infrastructure used to distribute exploits to target(s)" | |
}, | |
{ | |
"value": "vpn", | |
"expanded": "Infrastructure used by the adversary as a Virtual Private Network to hide activities and reduce the traffic analysis surface" | |
}, | |
{ | |
"value": "panel", | |
"expanded": "Panel used by the adversary to control or maintain his infrastructure" | |
}, | |
{ | |
"value": "tds", | |
"expanded": "Traffic Distribution Systems including exploit delivery and/or web monetization channels" | |
}, | |
{ | |
"value": "c2", | |
"expanded": "C2 infrastructure without a known specific type." | |
} | |
] | |
} | |
] | |
} |