{
"namespace": "ms-caro-malware",
"description": "Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx, https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx, https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx, and http://www.caro.org/definitions/index.html. Malware families are extracted from Microsoft SIRs since 2008 based on https://www.microsoft.com/security/sir/archive/default.aspx and https://www.microsoft.com/en-us/security/portal/threat/threats.aspx. Note that SIRs do NOT include all Microsoft malware families.",
"version": 1,
"predicates": [
{
"value": "malware-type",
"expanded": "Malware Type: What the threat does on a computer"
},
{
"value": "malware-platform",
"expanded": "Malware Platform: Operating system that the threat is designed to work on, scripting language, macros, and other file types"
}
],
"values": [
{
"predicate": "malware-type",
"entry": [
{
"value": "Adware",
"expanded": "Adware - Software that shows you extra promotions that you cannot control as you use your PC"
},
{
"value": "Backdoor",
"expanded": "A type of trojan that gives a malicious hacker access to and control of your PC"
},
{
"value": "Behavior",
"expanded": "A type of detection based on file actions that are often associated with malicious activity"
},
{
"value": "BroswerModifier",
"expanded": "A program that makes changes to your Internet browser without your permission"
},
{
"value": "Constructor",
"expanded": "A program that can be used to automatically create malware files"
},
{
"value": "DDoS",
"expanded": "When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can't respond"
},
{
"value": "Dialer",
"expanded": "A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money"
},
{
"value": "DoS",
"expanded": "When a target PC or server is deliberately overloaded so that it doesn't work for any visitors anymore"
},
{
"value": "Exploit",
"expanded": "A piece of code that uses software vulnerabilities to access information on your PC or install malware"
},
{
"value": "HackTool",
"expanded": "A type of tool that can be used to allow and maintain unauthorized access to your PC"
},
{
"value": "Joke",
"expanded": "A program that pretends to do something malicious but doesn't actually do anything harmful. For example, some joke programs pretend to delete files or format disks"
},
{
"value": "Misleading",
"expanded": "A program that makes misleading or fraudulent claims about files, registry entries or other items on your PC"
},
{
"value": "MonitoringTool",
"expanded": "A commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC"
},
{
"value": "Program",
"expanded": "Software that you may or may not want installed on your PC"
},
{
"value": "PUA",
"expanded": "Potentially Unwanted Applications. Characteristics of unwanted software can include depriving users of adequate choice or control over what the software does to the computer, preventing users from removing the software, or displaying advertisements without clearly identifying their source."
},
{
"value": "PWS",
"expanded": "A type of malware that is used to steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker"
},
{
"value": "Ransom",
"expanded": "A detection for malicious programs that seize control of the computer on which they are installed. This trojan usually locks the screen and prevents the user from using the computer. It usually displays an alert message."
},
{
"value": "RemoteAccess",
"expanded": "A program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner"
},
{
"value": "Rogue",
"expanded": "Software that pretends to be an antivirus program but doesn't actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don't exist. It also tries to convince you to pay for its services"
},
{
"value": "SettingsModifier",
"expanded": "A program that changes your PC settings"
},
{
"value": "SoftwareBundler",
"expanded": "A program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent"
},
{
"value": "Spammer",
"expanded": "A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam"
},
{
"value": "Spoofer",
"expanded": "A type of trojan that makes fake emails that look like they are from a legitimate source"
},
{
"value": "Spyware",
"expanded": "A program that collects your personal information, such as your browsing history, and uses it without adequate consent"
},
{
"value": "Tool",
"expanded": "A type of software that may have a legitimate purpose, but which may also be abused by malware authors"
},
{
"value": "Trojan",
"expanded": "A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead it tries to look innocent to convince you to download and install it. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC"
},
{
"value": "TrojanClicker",
"expanded": "A type of trojan that can use your PC to click on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is"
},
{
"value": "TrojanDownloader",
"expanded": "A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file."
},
{
"value": "TrojanDropper",
"expanded": "A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file."
},
{
"value": "TrojanNotifier",
"expanded": "A type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer"
},
{
"value": "TrojanProxy",
"expanded": "A type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker."
},
{
"value": "TrojanSpy",
"expanded": "A program that collects your personal information, such as your browsing history, and uses it without adequate consent."
},
{
"value": "VirTool",
"expanded": "A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits."
},
{
"value": "Virus",
"expanded": "A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks."
},
{
"value": "Worm",
"expanded": "A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: Email programs, Instant messaging programs, File-sharing programs, Social networking sites, Network shares, Removable drives with Autorun enabled, Software vulnerabilities"
}
]
},
{
"predicate": "malware-platform",
"entry": [
{
"value": "AndroidOS",
"expanded": "Android operating system"
},
{
"value": "DOS",
"expanded": "MS-DOS platform"
},
{
"value": "EPOC",
"expanded": "Psion devices"
},
{
"value": "FreeBSD",
"expanded": "FreeBSD platform"
},
{
"value": "iPhoneOS",
"expanded": "iPhone operating system"
},
{
"value": "Linux",
"expanded": "Linux platform"
},
{
"value": "MacOS",
"expanded": "MAC 9.x platform or earlier"
},
{
"value": "MacOS_X",
"expanded": "MacOS X or later"
},
{
"value": "OS2",
"expanded": "OS2 platform"
},
{
"value": "Palm",
"expanded": "Palm operating system"
},
{
"value": "Solaris",
"expanded": "System V-based Unix platforms"
},
{
"value": "SunOS",
"expanded": "Unix platforms 4.1.3 or earlier"
},
{
"value": "SymbOS",
"expanded": "Symbian operating system"
},
{
"value": "Unix",
"expanded": "General Unix platforms"
},
{
"value": "Win16",
"expanded": "Win16 (3.1) platform"
},
{
"value": "Win2K",
"expanded": "Windows 2000 platform"
},
{
"value": "Win32",
"expanded": "Windows 32-bit platform"
},
{
"value": "Win64",
"expanded": "Windows 64-bit platform"
},
{
"value": "Win95",
"expanded": "Windows 95, 98 and ME platforms"
},
{
"value": "Win98",
"expanded": "Windows 98 platform only"
},
{
"value": "WinCE",
"expanded": "Windows CE platform"
},
{
"value": "WinNT",
"expanded": "WinNT"
},
{
"value": "ABAP",
"expanded": "Advanced Business Application Programming scripts"
},
{
"value": "ALisp",
"expanded": "ALisp scripts"
},
{
"value": "AmiPro",
"expanded": "AmiPro script"
},
{
"value": "ANSI",
"expanded": "American National Standards Institute scripts"
},
{
"value": "AppleScript",
"expanded": "compiled Apple scripts"
},
{
"value": "ASP",
"expanded": "Active Server Pages scripts"
},
{
"value": "AutoIt",
"expanded": "AutoIT scripts"
},
{
"value": "BAS",
"expanded": "Basic scripts"
},
{
"value": "BAT",
"expanded": "Basic scripts"
},
{
"value": "CorelScript",
"expanded": "Corelscript scripts"
},
{
"value": "HTA",
"expanded": "HTML Application scripts"
},
{
"value": "HTML",
"expanded": "HTML Application scripts"
},
{
"value": "INF",
"expanded": "Install scripts"
},
{
"value": "IRC",
"expanded": "mIRC/pIRC scripts"
},
{
"value": "Java",
"expanded": "Java binaries (classes)"
},
{
"value": "JS",
"expanded": "Javascript scripts"
},
{
"value": "LOGO",
"expanded": "LOGO scripts"
},
{
"value": "MPB",
"expanded": "MapBasic scripts"
},
{
"value": "MSH",
"expanded": "Monad shell scripts"
},
{
"value": "MSIL",
"expanded": ".Net intermediate language scripts"
},
{
"value": "Perl",
"expanded": "Perl scripts"
},
{
"value": "PHP",
"expanded": "Hypertext Preprocessor scripts"
},
{
"value": "Python",
"expanded": "Python scripts"
},
{
"value": "SAP",
"expanded": "SAP platform scripts"
},
{
"value": "SH",
"expanded": "Shell scripts"
},
{
"value": "VBA",
"expanded": "Visual Basic for Applications scripts"
},
{
"value": "VBS",
"expanded": "Visual Basic scripts"
},
{
"value": "WinBAT",
"expanded": "Winbatch scripts"
},
{
"value": "WinHlp",
"expanded": "Windows Help scripts"
},
{
"value": "WinREG",
"expanded": "Windows registry scripts"
},
{
"value": "A97M",
"expanded": "Access 97, 2000, XP, 2003, 2007, and 2010 macros"
},
{
"value": "HE",
"expanded": "macro scripting"
},
{
"value": "O97M",
"expanded": "Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint"
},
{
"value": "PP97M",
"expanded": "PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros"
},
{
"value": "V5M",
"expanded": "Visio5 macros"
},
{
"value": "W1M",
"expanded": "Word1Macro"
},
{
"value": "W2M",
"expanded": "Word2Macro"
},
{
"value": "W97M",
"expanded": "Word 97, 2000, XP, 2003, 2007, and 2010 macros"
},
{
"value": "WM",
"expanded": "Word 95 macros"
},
{
"value": "X97M",
"expanded": "Excel 97, 2000, XP, 2003, 2007, and 2010 macros"
},
{
"value": "XF",
"expanded": "Excel formulas"
},
{
"value": "XM",
"expanded": "Excel 95 macros"
},
{
"value": "ASX",
"expanded": "XML metafile of Windows Media .asf files"
},
{
"value": "HC",
"expanded": "HyperCard Apple scripts"
},
{
"value": "MIME",
"expanded": "MIME packets"
},
{
"value": "Netware",
"expanded": "Novell Netware files"
},
{
"value": "QT",
"expanded": "Quicktime files"
},
{
"value": "SB",
"expanded": "StarBasic (Staroffice XML) files"
},
{
"value": "SWF",
"expanded": "Shockwave Flash files"
},
{
"value": "TSQL",
"expanded": "MS SQL server files"
},
{
"value": "XML",
"expanded": "XML files"
}
]
}
]
}