зеркало из https://github.com/mozilla/MozDef.git
{
|
|
"action": {
|
|
"error": {
|
|
"variety": [
|
|
"Capacity shortage",
|
|
"Classification error",
|
|
"Data entry error",
|
|
"Disposal error",
|
|
"Gaffe",
|
|
"Loss",
|
|
"Maintenance error",
|
|
"Malfunction",
|
|
"Misconfiguration",
|
|
"Misdelivery",
|
|
"Misinformation",
|
|
"Omission",
|
|
"Physical accidents",
|
|
"Programming error",
|
|
"Publishing error",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"Carelessness",
|
|
"Inadequate personnel",
|
|
"Inadequate processes",
|
|
"Inadequate technology",
|
|
"Random error",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"hacking": {
|
|
"result": [
|
|
"Infiltrate",
|
|
"Exfiltrate",
|
|
"Elevate"
|
|
],
|
|
"variety": [
|
|
"Abuse of functionality",
|
|
"Brute force",
|
|
"Buffer overflow",
|
|
"Cache poisoning",
|
|
"Cryptanalysis",
|
|
"CSRF",
|
|
"DoS",
|
|
"Exploit misconfig",
|
|
"Exploit vuln",
|
|
"Footprinting",
|
|
"Forced browsing",
|
|
"Format string attack",
|
|
"Fuzz testing",
|
|
"HTTP request smuggling",
|
|
"HTTP request splitting",
|
|
"HTTP response smuggling",
|
|
"HTTP Response Splitting",
|
|
"Integer overflows",
|
|
"LDAP injection",
|
|
"Mail command injection",
|
|
"MitM",
|
|
"Null byte injection",
|
|
"Offline cracking",
|
|
"OS commanding",
|
|
"Path traversal",
|
|
"Reverse engineering",
|
|
"RFI",
|
|
"Routing detour",
|
|
"Session fixation",
|
|
"Session prediction",
|
|
"Session replay",
|
|
"Soap array abuse",
|
|
"Special element injection",
|
|
"SQLi",
|
|
"SSI injection",
|
|
"URL redirector abuse",
|
|
"Use of backdoor or C2",
|
|
"Use of stolen creds",
|
|
"Virtual machine escape",
|
|
"XML attribute blowup",
|
|
"XML entity expansion",
|
|
"XML external entities",
|
|
"XML injection",
|
|
"XPath injection",
|
|
"XQuery injection",
|
|
"XSS",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"3rd party desktop",
|
|
"Backdoor or C2",
|
|
"Command shell",
|
|
"Desktop sharing",
|
|
"Desktop sharing software",
|
|
"Partner",
|
|
"Physical access",
|
|
"VPN",
|
|
"Web application",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"malware": {
|
|
"result": [
|
|
"Infiltrate",
|
|
"Exfiltrate",
|
|
"Elevate"
|
|
],
|
|
"variety": [
|
|
"Adminware",
|
|
"Adware",
|
|
"Backdoor",
|
|
"Brute force",
|
|
"C2",
|
|
"Capture app data",
|
|
"Capture stored data",
|
|
"Click fraud",
|
|
"Click fraud and Cryptocurrency mining",
|
|
"Client-side attack",
|
|
"Cryptocurrency mining",
|
|
"Destroy data",
|
|
"Disable controls",
|
|
"DoS",
|
|
"Downloader",
|
|
"Exploit misconfig",
|
|
"Exploit vuln",
|
|
"Export data",
|
|
"Modify data",
|
|
"Packet sniffer",
|
|
"Password dumper",
|
|
"Ram scraper",
|
|
"Ransomware",
|
|
"Rootkit",
|
|
"Scan network",
|
|
"Spam",
|
|
"Spyware/Keylogger",
|
|
"SQL injection",
|
|
"Worm",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"Direct install",
|
|
"Download by malware",
|
|
"Email attachment",
|
|
"Email autoexecute",
|
|
"Email link",
|
|
"Email unknown",
|
|
"Instant messaging",
|
|
"Network propagation",
|
|
"Remote injection",
|
|
"Removable media",
|
|
"Software update",
|
|
"Web download",
|
|
"Web drive-by",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"environmental": {
|
|
"variety": [
|
|
"Deterioration",
|
|
"Earthquake",
|
|
"EMI",
|
|
"ESD",
|
|
"Fire",
|
|
"Flood",
|
|
"Hazmat",
|
|
"Humidity",
|
|
"Hurricane",
|
|
"Ice",
|
|
"Landslide",
|
|
"Leak",
|
|
"Lightning",
|
|
"Meteorite",
|
|
"Particulates",
|
|
"Pathogen",
|
|
"Power failure",
|
|
"Temperature",
|
|
"Tornado",
|
|
"Tsunami",
|
|
"Vermin",
|
|
"Volcano",
|
|
"Wind",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"misuse": {
|
|
"result": [
|
|
"Infiltrate",
|
|
"Exfiltrate",
|
|
"Elevate"
|
|
],
|
|
"variety": [
|
|
"Data mishandling",
|
|
"Email misuse",
|
|
"Embezzlement",
|
|
"Illicit content",
|
|
"Knowledge abuse",
|
|
"Net misuse",
|
|
"Possession abuse",
|
|
"Privilege abuse",
|
|
"Unapproved hardware",
|
|
"Unapproved software",
|
|
"Unapproved workaround",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"LAN access",
|
|
"Non-corporate",
|
|
"Physical access",
|
|
"Remote access",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"environmental": {
|
|
"variety": [
|
|
"Deterioration",
|
|
"Earthquake",
|
|
"EMI",
|
|
"ESD",
|
|
"Fire",
|
|
"Flood",
|
|
"Hazmat",
|
|
"Humidity",
|
|
"Hurricane",
|
|
"Ice",
|
|
"Landslide",
|
|
"Leak",
|
|
"Lightning",
|
|
"Meteorite",
|
|
"Particulates",
|
|
"Pathogen",
|
|
"Power failure",
|
|
"Temperature",
|
|
"Tornado",
|
|
"Tsunami",
|
|
"Vermin",
|
|
"Volcano",
|
|
"Wind",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"physical": {
|
|
"result": [
|
|
"Infiltrate",
|
|
"Exfiltrate",
|
|
"Elevate"
|
|
],
|
|
"variety": [
|
|
"Assault",
|
|
"Bypassed controls",
|
|
"Connection",
|
|
"Destruction",
|
|
"Disabled controls",
|
|
"Skimmer",
|
|
"Sabotage",
|
|
"Snooping",
|
|
"Surveillance",
|
|
"Tampering",
|
|
"Theft",
|
|
"Wiretapping",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"Partner facility",
|
|
"Partner vehicle",
|
|
"Personal residence",
|
|
"Personal vehicle",
|
|
"Privileged Access",
|
|
"Uncontrolled location",
|
|
"Public facility",
|
|
"Public vehicle",
|
|
"Victim secure area",
|
|
"Victim work area",
|
|
"Victim public area",
|
|
"Victim grounds",
|
|
"Visitor privileges",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"social": {
|
|
"result": [
|
|
"Infiltrate",
|
|
"Exfiltrate",
|
|
"Elevate"
|
|
],
|
|
"target": [
|
|
"Auditor",
|
|
"Call center",
|
|
"Cashier",
|
|
"Customer",
|
|
"Developer",
|
|
"End-user",
|
|
"Executive",
|
|
"Finance",
|
|
"Former employee",
|
|
"Guard",
|
|
"Helpdesk",
|
|
"Human resources",
|
|
"Maintenance",
|
|
"Manager",
|
|
"Partner",
|
|
"System admin",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"variety": [
|
|
"Baiting",
|
|
"Bribery",
|
|
"Elicitation",
|
|
"Extortion",
|
|
"Forgery",
|
|
"Influence",
|
|
"Phishing",
|
|
"Pretexting",
|
|
"Propaganda",
|
|
"Scam",
|
|
"Spam",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"vector": [
|
|
"Documents",
|
|
"Email",
|
|
"IM",
|
|
"In-person",
|
|
"Phone",
|
|
"Removable media",
|
|
"SMS",
|
|
"Social media",
|
|
"Software",
|
|
"Website",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
}
|
|
},
|
|
"actor": {
|
|
"external": {
|
|
"variety": [
|
|
"Acquaintance",
|
|
"Activist",
|
|
"Auditor",
|
|
"Competitor",
|
|
"Customer",
|
|
"Force majeure",
|
|
"Former employee",
|
|
"Nation-state",
|
|
"Organized crime",
|
|
"State-affiliated",
|
|
"Terrorist",
|
|
"Unaffiliated",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"motive": [
|
|
"Convenience",
|
|
"Espionage",
|
|
"Fear",
|
|
"Financial",
|
|
"Fun",
|
|
"Grudge",
|
|
"Ideology",
|
|
"NA",
|
|
"Secondary",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"internal": {
|
|
"variety": [
|
|
"Auditor",
|
|
"Call center",
|
|
"Cashier",
|
|
"Developer",
|
|
"Doctor or nurse",
|
|
"End-user",
|
|
"Executive",
|
|
"Finance",
|
|
"Guard",
|
|
"Helpdesk",
|
|
"Human resources",
|
|
"Maintenance",
|
|
"Manager",
|
|
"System admin",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"job_change": [
|
|
"Demoted",
|
|
"Hired",
|
|
"Job eval",
|
|
"Lateral move",
|
|
"Terminated",
|
|
"Passed over",
|
|
"Personal issues",
|
|
"Promoted",
|
|
"Resigned",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"motive": [
|
|
"Convenience",
|
|
"NA",
|
|
"Espionage",
|
|
"Fear",
|
|
"Financial",
|
|
"Fun",
|
|
"Grudge",
|
|
"Ideology",
|
|
"Secondary",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
}
|
|
},
|
|
"asset": {
|
|
"accessibility": [
|
|
"External",
|
|
"Internal",
|
|
"Isolated",
|
|
"Unknown",
|
|
"NA"
|
|
],
|
|
"cloud": [
|
|
"Customer attack",
|
|
"Hypervisor",
|
|
"Partner application",
|
|
"Hosting governance",
|
|
"Hosting error",
|
|
"Microservices",
|
|
"User breakout",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"country": [
|
|
"AD",
|
|
"AE",
|
|
"AF",
|
|
"AG",
|
|
"AI",
|
|
"AL",
|
|
"AM",
|
|
"AO",
|
|
"AQ",
|
|
"AR",
|
|
"AS",
|
|
"AT",
|
|
"AU",
|
|
"AW",
|
|
"AX",
|
|
"AZ",
|
|
"BA",
|
|
"BB",
|
|
"BD",
|
|
"BE",
|
|
"BF",
|
|
"BG",
|
|
"BH",
|
|
"BI",
|
|
"BJ",
|
|
"BL",
|
|
"BM",
|
|
"BN",
|
|
"BO",
|
|
"BQ",
|
|
"BR",
|
|
"BS",
|
|
"BT",
|
|
"BV",
|
|
"BW",
|
|
"BY",
|
|
"BZ",
|
|
"CA",
|
|
"CC",
|
|
"CD",
|
|
"CF",
|
|
"CG",
|
|
"CH",
|
|
"CI",
|
|
"CK",
|
|
"CL",
|
|
"CM",
|
|
"CN",
|
|
"CO",
|
|
"CR",
|
|
"CU",
|
|
"CV",
|
|
"CW",
|
|
"CX",
|
|
"CY",
|
|
"CZ",
|
|
"DE",
|
|
"DJ",
|
|
"DK",
|
|
"DM",
|
|
"DO",
|
|
"DZ",
|
|
"EC",
|
|
"EE",
|
|
"EG",
|
|
"EH",
|
|
"ER",
|
|
"ES",
|
|
"ET",
|
|
"FI",
|
|
"FJ",
|
|
"FK",
|
|
"FM",
|
|
"FO",
|
|
"FR",
|
|
"GA",
|
|
"GB",
|
|
"GD",
|
|
"GE",
|
|
"GF",
|
|
"GG",
|
|
"GH",
|
|
"GI",
|
|
"GL",
|
|
"GM",
|
|
"GN",
|
|
"GP",
|
|
"GQ",
|
|
"GR",
|
|
"GS",
|
|
"GT",
|
|
"GU",
|
|
"GW",
|
|
"GY",
|
|
"HK",
|
|
"HM",
|
|
"HN",
|
|
"HR",
|
|
"HT",
|
|
"HU",
|
|
"ID",
|
|
"IE",
|
|
"IL",
|
|
"IM",
|
|
"IN",
|
|
"IO",
|
|
"IQ",
|
|
"IR",
|
|
"IS",
|
|
"IT",
|
|
"JE",
|
|
"JM",
|
|
"JO",
|
|
"JP",
|
|
"KE",
|
|
"KG",
|
|
"KH",
|
|
"KI",
|
|
"KM",
|
|
"KN",
|
|
"KP",
|
|
"KR",
|
|
"KW",
|
|
"KY",
|
|
"KZ",
|
|
"LA",
|
|
"LB",
|
|
"LC",
|
|
"LI",
|
|
"LK",
|
|
"LR",
|
|
"LS",
|
|
"LT",
|
|
"LU",
|
|
"LV",
|
|
"LY",
|
|
"MA",
|
|
"MC",
|
|
"MD",
|
|
"ME",
|
|
"MF",
|
|
"MG",
|
|
"MH",
|
|
"MK",
|
|
"ML",
|
|
"MM",
|
|
"MN",
|
|
"MO",
|
|
"MP",
|
|
"MQ",
|
|
"MR",
|
|
"MS",
|
|
"MT",
|
|
"MU",
|
|
"MV",
|
|
"MW",
|
|
"MX",
|
|
"MY",
|
|
"MZ",
|
|
"NA",
|
|
"NC",
|
|
"NE",
|
|
"NF",
|
|
"NG",
|
|
"NI",
|
|
"NL",
|
|
"NO",
|
|
"NP",
|
|
"NR",
|
|
"NU",
|
|
"NZ",
|
|
"OM",
|
|
"Other",
|
|
"PA",
|
|
"PE",
|
|
"PF",
|
|
"PG",
|
|
"PH",
|
|
"PK",
|
|
"PL",
|
|
"PM",
|
|
"PN",
|
|
"PR",
|
|
"PS",
|
|
"PT",
|
|
"PW",
|
|
"PY",
|
|
"QA",
|
|
"RE",
|
|
"RO",
|
|
"RS",
|
|
"RU",
|
|
"RW",
|
|
"SA",
|
|
"SB",
|
|
"SC",
|
|
"SD",
|
|
"SE",
|
|
"SG",
|
|
"SH",
|
|
"SI",
|
|
"SJ",
|
|
"SK",
|
|
"SL",
|
|
"SM",
|
|
"SN",
|
|
"SO",
|
|
"SR",
|
|
"SS",
|
|
"ST",
|
|
"SV",
|
|
"SX",
|
|
"SY",
|
|
"SZ",
|
|
"TC",
|
|
"TD",
|
|
"TF",
|
|
"TG",
|
|
"TH",
|
|
"TJ",
|
|
"TK",
|
|
"TL",
|
|
"TM",
|
|
"TN",
|
|
"TO",
|
|
"TR",
|
|
"TT",
|
|
"TV",
|
|
"TW",
|
|
"TZ",
|
|
"UA",
|
|
"UG",
|
|
"UM",
|
|
"US",
|
|
"UY",
|
|
"UZ",
|
|
"Unknown",
|
|
"VA",
|
|
"VC",
|
|
"VE",
|
|
"VG",
|
|
"VI",
|
|
"VN",
|
|
"VU",
|
|
"WF",
|
|
"WS",
|
|
"YE",
|
|
"YT",
|
|
"ZA",
|
|
"ZM",
|
|
"ZW"
|
|
],
|
|
"hosting": [
|
|
"Internal",
|
|
"External shared",
|
|
"External dedicated",
|
|
"External unknown",
|
|
"Unknown",
|
|
"NA"
|
|
],
|
|
"management": [
|
|
"Internal",
|
|
"External",
|
|
"Co-managed",
|
|
"NA",
|
|
"Unknown"
|
|
],
|
|
"ownership": [
|
|
"Victim",
|
|
"Employee",
|
|
"Partner",
|
|
"Customer",
|
|
"NA",
|
|
"Unknown"
|
|
],
|
|
"variety": [
|
|
"S - Authentication",
|
|
"S - Backup",
|
|
"S - Configuration",
|
|
"S - Code repository",
|
|
"S - Database",
|
|
"S - DCS",
|
|
"S - DHCP",
|
|
"S - Directory",
|
|
"S - DNS",
|
|
"S - File",
|
|
"S - ICS",
|
|
"S - Log",
|
|
"S - Mail",
|
|
"S - Mainframe",
|
|
"S - Patch management",
|
|
"S - Payment switch",
|
|
"S - POS controller",
|
|
"S - Print",
|
|
"S - Proxy",
|
|
"S - Remote access",
|
|
"S - SCADA",
|
|
"S - VM host",
|
|
"S - Web application",
|
|
"S - Other",
|
|
"S - Unknown",
|
|
"N - Access reader",
|
|
"N - Broadband",
|
|
"N - Camera",
|
|
"N - Firewall",
|
|
"N - HSM",
|
|
"N - IDS",
|
|
"N - LAN",
|
|
"N - NAS",
|
|
"N - PBX",
|
|
"N - PLC",
|
|
"N - Private WAN",
|
|
"N - Public WAN",
|
|
"N - Router or switch",
|
|
"N - RTU",
|
|
"N - SAN",
|
|
"N - Telephone",
|
|
"N - VoIP adapter",
|
|
"N - WLAN",
|
|
"N - Other",
|
|
"N - Unknown",
|
|
"E - Telemetry",
|
|
"E - Telematics",
|
|
"E - Other",
|
|
"E - Unknown",
|
|
"U - Auth token",
|
|
"U - Desktop",
|
|
"U - Laptop",
|
|
"U - Media",
|
|
"U - Mobile phone",
|
|
"U - Peripheral",
|
|
"U - POS terminal",
|
|
"U - Tablet",
|
|
"U - Telephone",
|
|
"U - VoIP phone",
|
|
"U - Other",
|
|
"U - Unknown",
|
|
"T - ATM",
|
|
"T - Gas terminal",
|
|
"T - Kiosk",
|
|
"T - PED pad",
|
|
"T - Other",
|
|
"T - Unknown",
|
|
"M - Disk drive",
|
|
"M - Disk media",
|
|
"M - Documents",
|
|
"M - Flash drive",
|
|
"M - Payment card",
|
|
"M - Smart card",
|
|
"M - Tapes",
|
|
"M - Other",
|
|
"M - Unknown",
|
|
"P - Auditor",
|
|
"P - Call center",
|
|
"P - Cashier",
|
|
"P - Customer",
|
|
"P - Developer",
|
|
"P - End-user",
|
|
"P - Executive",
|
|
"P - Finance",
|
|
"P - Former employee",
|
|
"P - Guard",
|
|
"P - Helpdesk",
|
|
"P - Human resources",
|
|
"P - Maintenance",
|
|
"P - Manager",
|
|
"P - Partner",
|
|
"P - System admin",
|
|
"P - Other",
|
|
"P - Unknown",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"attribute": {
|
|
"availability": {
|
|
"duration": {
|
|
"unit": [
|
|
"Seconds",
|
|
"Minutes",
|
|
"Hours",
|
|
"Days",
|
|
"Weeks",
|
|
"Months",
|
|
"Years",
|
|
"Never",
|
|
"NA",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"variety": [
|
|
"Destruction",
|
|
"Loss",
|
|
"Interruption",
|
|
"Degradation",
|
|
"Acceleration",
|
|
"Obscuration",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"confidentiality": {
|
|
"data": {
|
|
"variety": [
|
|
"Bank",
|
|
"Classified",
|
|
"Copyrighted",
|
|
"Credentials",
|
|
"Digital certificate",
|
|
"Internal",
|
|
"Medical",
|
|
"Payment",
|
|
"Personal",
|
|
"Secrets",
|
|
"Source code",
|
|
"System",
|
|
"Virtual currency",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"data_disclosure": [
|
|
"Yes",
|
|
"Potentially",
|
|
"No",
|
|
"Unknown"
|
|
],
|
|
"data_victim": [
|
|
"Customer",
|
|
"Employee",
|
|
"Partner",
|
|
"Patient",
|
|
"Student",
|
|
"Victim organization",
|
|
"Other",
|
|
"Unknown"
|
|
],
|
|
"state": [
|
|
"Printed",
|
|
"Processed",
|
|
"Stored",
|
|
"Stored encrypted",
|
|
"Stored unencrypted",
|
|
"Transmitted",
|
|
"Transmitted encrypted",
|
|
"Transmitted unencrypted",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"integrity": {
|
|
"variety": [
|
|
"Alter behavior",
|
|
"Created account",
|
|
"Defacement",
|
|
"Fraudulent transaction",
|
|
"Hardware tampering",
|
|
"Log tampering",
|
|
"Misappropriation",
|
|
"Misrepresentation",
|
|
"Modify configuration",
|
|
"Modify privileges",
|
|
"Modify data",
|
|
"Software installation",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
}
|
|
},
|
|
"confidence": [
|
|
"High",
|
|
"Medium",
|
|
"Low",
|
|
"None"
|
|
],
|
|
"cost_corrective_action": [
|
|
"Simple and cheap",
|
|
"Difficult and expensive",
|
|
"Something in-between",
|
|
"Unknown"
|
|
],
|
|
"discovery_method": {
|
|
"internal": {
|
|
"variety": [
|
|
"Antivirus",
|
|
"Break in discovered",
|
|
"Data loss prevention",
|
|
"Financial Audit",
|
|
"Fraud Detection",
|
|
"HIDS",
|
|
"Incident Response",
|
|
"Infrastructure monitoring",
|
|
"IT review",
|
|
"Log review",
|
|
"NIDS",
|
|
"Other",
|
|
"Reported by employee",
|
|
"Security alarm",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"external": {
|
|
"variety": [
|
|
"Actor disclosure",
|
|
"Audit",
|
|
"Customer",
|
|
"Emergency response team",
|
|
"Found documents",
|
|
"Fraud detection",
|
|
"Incident respose",
|
|
"Law enforcement",
|
|
"Monitoring service",
|
|
"Other",
|
|
"Security researcher",
|
|
"Suspicious traffic",
|
|
"Unknown",
|
|
"Unrelated third party"
|
|
]
|
|
},
|
|
"partner": {
|
|
"variety": [
|
|
"Antivirus",
|
|
"Audit",
|
|
"Incident Response",
|
|
"Monitoring service",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
}
|
|
},
|
|
"impact": {
|
|
"loss": {
|
|
"rating": [
|
|
"Major",
|
|
"Moderate",
|
|
"Minor",
|
|
"None",
|
|
"Unknown"
|
|
],
|
|
"variety": [
|
|
"Asset and fraud",
|
|
"Brand damage",
|
|
"Business disruption",
|
|
"Operating costs",
|
|
"Legal and regulatory",
|
|
"Competitive advantage",
|
|
"Response and recovery"
|
|
]
|
|
},
|
|
"overall_rating": [
|
|
"Insignificant",
|
|
"Distracting",
|
|
"Painful",
|
|
"Damaging",
|
|
"Catastrophic",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"security_incident": [
|
|
"Confirmed",
|
|
"Suspected",
|
|
"False positive",
|
|
"Near miss"
|
|
],
|
|
"targeted": [
|
|
"Opportunistic",
|
|
"Targeted",
|
|
"NA",
|
|
"Unknown"
|
|
],
|
|
"timeline": {
|
|
"unit": [
|
|
"NA",
|
|
"Seconds",
|
|
"Minutes",
|
|
"Hours",
|
|
"Days",
|
|
"Weeks",
|
|
"Months",
|
|
"Years",
|
|
"Never",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"value-chain": {
|
|
"cash-out": {
|
|
"variety": [
|
|
"Cryptocurrency",
|
|
"Hijacked rewards",
|
|
"Sell stolen goods",
|
|
"Fraud",
|
|
"Direct",
|
|
"Provide service",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"development": {
|
|
"variety": [
|
|
"Bot",
|
|
"Trojan",
|
|
"Payload",
|
|
"Website",
|
|
"Exploit",
|
|
"Persona",
|
|
"Ransomware",
|
|
"Exploit kits",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"money-laundering": {
|
|
"variety": [
|
|
"Cryptocurrency tumbling",
|
|
"Smurfing",
|
|
"Physical",
|
|
"Employment",
|
|
"Re-shipping",
|
|
"Gambling",
|
|
"Bank",
|
|
"Company"
|
|
]
|
|
},
|
|
"non-distribution services": {
|
|
"variety": [
|
|
"Counter AV",
|
|
"DNS",
|
|
"Hashcracking",
|
|
"Marketplace",
|
|
"Proxy",
|
|
"VPN",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"distribution": {
|
|
"variety": [
|
|
"Website",
|
|
"Botnet",
|
|
"Compromised server",
|
|
"Email",
|
|
"Phone",
|
|
"Loader",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
},
|
|
"targeting": {
|
|
"variety": [
|
|
"Lost or stolen credentials",
|
|
"Default credentials",
|
|
"Email addresses",
|
|
"Vulnerabilities",
|
|
"Misconfigurations",
|
|
"Weaknesses",
|
|
"Personal information",
|
|
"Organizational information",
|
|
"NA",
|
|
"Other",
|
|
"Unknown"
|
|
]
|
|
}
|
|
},
|
|
"victim": {
|
|
"employee_count": [
|
|
"1 to 10",
|
|
"11 to 100",
|
|
"101 to 1000",
|
|
"Small",
|
|
"Large",
|
|
"1001 to 10000",
|
|
"10001 to 25000",
|
|
"25001 to 50000",
|
|
"50001 to 100000",
|
|
"Over 100000",
|
|
"Unknown"
|
|
],
|
|
"revenue": {
|
|
"iso_currency_code": [
|
|
"AED",
|
|
"AFN",
|
|
"ALL",
|
|
"AMD",
|
|
"ANG",
|
|
"AOA",
|
|
"ARS",
|
|
"AUD",
|
|
"AWG",
|
|
"AZN",
|
|
"BAM",
|
|
"BBD",
|
|
"BDT",
|
|
"BGN",
|
|
"BHD",
|
|
"BIF",
|
|
"BMD",
|
|
"BND",
|
|
"BOB",
|
|
"BRL",
|
|
"BSD",
|
|
"BTN",
|
|
"BWP",
|
|
"BYR",
|
|
"BZD",
|
|
"CAD",
|
|
"CDF",
|
|
"CHF",
|
|
"CLP",
|
|
"CNY",
|
|
"COP",
|
|
"CRC",
|
|
"CUC",
|
|
"CUP",
|
|
"CVE",
|
|
"CZK",
|
|
"DJF",
|
|
"DKK",
|
|
"DOP",
|
|
"DZD",
|
|
"EGP",
|
|
"ERN",
|
|
"ETB",
|
|
"EUR",
|
|
"FJD",
|
|
"FKP",
|
|
"GBP",
|
|
"GEL",
|
|
"GGP",
|
|
"GHS",
|
|
"GIP",
|
|
"GMD",
|
|
"GNF",
|
|
"GTQ",
|
|
"GYD",
|
|
"HKD",
|
|
"HNL",
|
|
"HRK",
|
|
"HTG",
|
|
"HUF",
|
|
"IDR",
|
|
"ILS",
|
|
"IMP",
|
|
"INR",
|
|
"IQD",
|
|
"IRR",
|
|
"ISK",
|
|
"JEP",
|
|
"JMD",
|
|
"JOD",
|
|
"JPY",
|
|
"KES",
|
|
"KGS",
|
|
"KHR",
|
|
"KMF",
|
|
"KPW",
|
|
"KRW",
|
|
"KWD",
|
|
"KYD",
|
|
"KZT",
|
|
"LAK",
|
|
"LBP",
|
|
"LKR",
|
|
"LRD",
|
|
"LSL",
|
|
"LTL",
|
|
"LVL",
|
|
"LYD",
|
|
"MAD",
|
|
"MDL",
|
|
"MGA",
|
|
"MKD",
|
|
"MMK",
|
|
"MNT",
|
|
"MOP",
|
|
"MRO",
|
|
"MUR",
|
|
"MVR",
|
|
"MWK",
|
|
"MXN",
|
|
"MYR",
|
|
"MZN",
|
|
"NAD",
|
|
"NGN",
|
|
"NIO",
|
|
"NOK",
|
|
"NPR",
|
|
"NZD",
|
|
"OMR",
|
|
"PAB",
|
|
"PEN",
|
|
"PGK",
|
|
"PHP",
|
|
"PKR",
|
|
"PLN",
|
|
"PYG",
|
|
"QAR",
|
|
"RON",
|
|
"RSD",
|
|
"RUB",
|
|
"RWF",
|
|
"SAR",
|
|
"SBD",
|
|
"SCR",
|
|
"SDG",
|
|
"SEK",
|
|
"SGD",
|
|
"SHP",
|
|
"SLL",
|
|
"SOS",
|
|
"SPL",
|
|
"SRD",
|
|
"STD",
|
|
"SVC",
|
|
"SYP",
|
|
"SZL",
|
|
"THB",
|
|
"TJS",
|
|
"TMT",
|
|
"TND",
|
|
"TOP",
|
|
"TRY",
|
|
"TTD",
|
|
"TVD",
|
|
"TWD",
|
|
"TZS",
|
|
"UAH",
|
|
"UGX",
|
|
"USD",
|
|
"UYU",
|
|
"UZS",
|
|
"VEF",
|
|
"VND",
|
|
"VUV",
|
|
"WST",
|
|
"XAF",
|
|
"XCD",
|
|
"XDR",
|
|
"XOF",
|
|
"XPF",
|
|
"YER",
|
|
"ZAR",
|
|
"ZMK",
|
|
"ZWD"
|
|
]
|
|
}
|
|
},
|
|
"workeffort":{
|
|
"unit": [
|
|
"Minutes",
|
|
"Hours",
|
|
"Days",
|
|
"Weeks",
|
|
"Months",
|
|
"Years",
|
|
"Never",
|
|
"Unknown"
|
|
]
|
|
}
|
|
} |