malware.cljc
(ns ctim.schemas.malware
(:require #?(:clj [flanders.core :as f :refer [def-entity-type def-map-type def-eq]]
:cljs [flanders.core :as f :refer-macros [def-entity-type def-map-type def-eq]])
[ctim.schemas.common :as c]
[ctim.schemas.vocabularies :as v]))
;; Literal value carried in the :type field of Malware entities. It is also
;; the argument given to c/ref-for-type when MalwareRef is built.
(def type-identifier "malware")

;; Schema derived from type-identifier via flanders' def-eq; it is the schema
;; of the :type entry in both Malware and NewMalware.
;; NOTE(review): presumably accepts only the exact string "malware" -- confirm
;; against flanders.core/def-eq.
(def-eq MalwareTypeIdentifier type-identifier)
;; Prose definition of the Malware entity; attached to the Malware schema as
;; its :description. The text is assembled clause by clause so each fragment
;; reads on its own; the concatenated result is a single paragraph.
(def malware-desc
  (str "Malware is a type of TTP that is also known as malicious code and malicious software, "
       "and refers to a program that is inserted into a system, usually covertly, "
       "with the intent of compromising the confidentiality, integrity, or availability "
       "of the victim's data, applications, or operating system (OS) "
       "or of otherwise annoying or disrupting the victim. "
       "Malware such as viruses and worms are usually designed to perform these nefarious functions "
       "in such a way that users are unaware of them, at least initially."))

;; Markdown-formatted link to the externally hosted reference document;
;; attached to the Malware schema as its :reference.
(def malware-desc-link
  "[Malware](https://docs.google.com/document/d/1IvkLxg_tCnICsatu2lyxKmWmh1gY2h8HUNssKIE-UIA/pub#h.s5l7katgbp09)")
;; Entity schema for a Malware record.
;;
;; The schema is the shared entry groups c/base-entity-entries and
;; c/sourcable-object-entries (both defined in ctim.schemas.common, not shown
;; in this file) followed by the malware-specific entries below.
;;
;; Required: :type, :name, :labels.
;; Optional: :description, :kill_chain_phases, :x_mitre_aliases,
;;           :abstraction_level.
(def-entity-type Malware
  {:description malware-desc
   :reference malware-desc-link}
  c/base-entity-entries
  c/sourcable-object-entries
  (f/required-entries
   ;; Must match MalwareTypeIdentifier, which is built from "malware".
   (f/entry :type MalwareTypeIdentifier)
   ;; NOTE(review): c/ShortString presumably bounds the length of this
   ;; submitter-supplied value -- confirm in ctim.schemas.common.
   (f/entry :name c/ShortString
            :description "A name used to identify the Malware sample.")
   ;; A vector of values drawn from the v/MalwareLabel vocabulary.
   (f/entry :labels [v/MalwareLabel]
            :description "The type of malware being described."))
  (f/optional-entries
   ;; NOTE(review): this is free text typed as c/Markdown and comes from
   ;; whoever submits the record; consumers that render it should presumably
   ;; treat it as untrusted and sanitize the rendered output -- confirm what
   ;; c/Markdown itself constrains.
   (f/entry :description c/Markdown
            :description (str "A description that provides more details and "
                              "context about the Malware, potentially including "
                              "its purpose and its key characteristics."))
   (f/entry :kill_chain_phases [c/KillChainPhase]
            :description (str "The list of Kill Chain Phases for which this "
                              "Malware can be used."))
   ;; Alias names carried over from the ATT&CK Software object.
   (f/entry :x_mitre_aliases [c/ShortString]
            :description "ATT&CK Software.aliases")
   ;; Value drawn from the v/MalwareAbstractions vocabulary.
   (f/entry :abstraction_level v/MalwareAbstractions
            :description "Malware abstraction level")))
;; Schema for the payload accepted when a new Malware record is submitted.
;;
;; It reuses every entry of Malware, adds c/base-new-entity-entries (defined
;; in ctim.schemas.common, not shown here), and lists :type a second time as
;; an optional entry.
;; NOTE(review): presumably the later optional :type takes precedence over the
;; required :type inherited from Malware, so a submitter may omit it -- confirm
;; how flanders resolves duplicate keys. When :type is present it is still
;; checked against MalwareTypeIdentifier.
(def-entity-type NewMalware
  "For submitting a new Malware"
  (:entries Malware)
  c/base-new-entity-entries
  (f/optional-entries
   (f/entry :type MalwareTypeIdentifier)))
;; Schema for a reference to a Malware entity, produced by c/ref-for-type from
;; the "malware" type identifier. The shape of the reference value is decided
;; by c/ref-for-type in ctim.schemas.common and is not visible in this file.
(def MalwareRef
  (c/ref-for-type type-identifier))