INTERPOL DWVA Taxonomy

This taxonomy defines common forms of abuse and the entities that represent real-world actors and services that are part of the larger Darknet and Cryptoasset ecosystems.

Authors
Authors and/or Contributors
INTERPOL Darkweb and Virtual Assets Working Group

Decentralized Apps

An application that does not rely on a central server but on several decentralized nodes. Each user can choose to be an active node serving the app.

Internal MISP references

UUID 469a982f-c2fc-557e-9539-39641d9cb842 which can be used as unique global reference for Decentralized Apps in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Infrastructure']

Hardware Wallet

A [hardware] cryptocurrency wallet is a device, physical medium, (...) which stores the private keys for cryptocurrency transactions. It will normally also contain the associated public keys.

Internal MISP references

UUID 6d62ceb4-d172-54da-9ae5-e766f58bf4d6 which can be used as unique global reference for Hardware Wallet in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Wallet']

Distributed Hash Technology

A decentralized distributed system for sharing contact information, so that people downloading the same file can discover each other. Both Tor and I2P use DHT. Because hidden-service domain resolution is distributed, it is possible to deploy nodes in the DHT to monitor requests coming from a given domain.

Internal MISP references

UUID 9d537e25-39d8-5cc3-b769-48ff900dfa70 which can be used as unique global reference for Distributed Hash Technology in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Bitcoin

Bitcoin is a network protocol based on blockchain, introduced by Nakamoto [11] which allows payments and coin transfers to be made among participating entities. No trusted

Internal MISP references

UUID 4a6cfe47-bfc3-574d-9d07-950bd045e305 which can be used as unique global reference for Bitcoin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Counterfeit product

Counterfeit consumer goods are goods, often of inferior quality, made or sold under another's brand name without the brand owner's authorization.

Internal MISP references

UUID f95b3fad-a0d1-5141-8729-689189ca70a9 which can be used as unique global reference for Counterfeit product in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Shop owner

A shop owner is an actor within the group of Criminal Actors who operates a DW shop.

Internal MISP references

UUID 80fc8f9c-26e8-5759-afde-26ac748193ea which can be used as unique global reference for Shop owner in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Hierarchically Deterministic wallets

An HD (Hierarchical Deterministic) Wallet is a tree of private/public keypairs starting from a master seed. This technology provides both account management and identity masking. A user only needs to keep the master seed, because all subsequent keypairs can be generated deterministically from the root key, and the public key that is exposed changes with each transaction.

Internal MISP references

UUID 73b6cf78-ae88-5fd5-8514-99e59063f1aa which can be used as unique global reference for Hierarchically Deterministic wallets in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Non Fungible Token

A non-fungible token (NFT) is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not interchangeable. NFTs can be used to represent items such as photos, videos, audio, and other types of digital files.

Internal MISP references

UUID 75a2011e-c289-5a69-ab7d-4259a333563b which can be used as unique global reference for Non Fungible Token in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Bulletproof Hosting

A (hosting) service that guarantees the availability of hosted resources even when they are found to be malicious or illegal.

Internal MISP references

UUID f5c58c28-64ac-5cb4-aa01-6ff9e7eb0e7f which can be used as unique global reference for Bulletproof Hosting in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Darknet Wiki

Wiki services, including directory services for other hidden services, hosted in the Dark Web.

Internal MISP references

UUID 63b2dd59-bc5d-5673-95bd-efca71d87c98 which can be used as unique global reference for Darknet Wiki in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Proof of Stake

In a Proof of Stake (PoS) network, users need to prove ownership of enough stake to become validators. Ethereum (ETH) is moving from PoW to PoS. PoS offers several advantages over PoW: it is energy efficient, reduces hardware requirements and is less prone to centralisation.

Internal MISP references

UUID ecf1ad91-1cf2-53dc-857e-f5f6b2b9223f which can be used as unique global reference for Proof of Stake in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Multisig

Multisig refers to all the transactions that require two or more signatures. Multisignature transactions and addresses are validated only when at least x of the possible y signatories have signed. x and y are defined at creation.

Internal MISP references

UUID 2487485a-cd53-5e1e-82a5-b69a9422e469 which can be used as unique global reference for Multisig in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Zcash

A cryptocurrency with a decentralized blockchain that provides anonymity for its users and their transactions. Like Bitcoin, it is open source; the major difference is the increased level of privacy it provides.

Internal MISP references

UUID d34972ac-80c3-58ed-8c13-76a3f7ff2f3a which can be used as unique global reference for Zcash in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Finalize Early

Buyers may "finalize early" (FE), releasing funds from escrow to the vendor prior to receiving their goods in order to expedite a transaction. This can be done when there is a trust relationship between vendor and buyer; however, it leaves the buyer vulnerable to fraud if they choose to do so.

Internal MISP references

UUID e699a6f3-2dc3-5df1-a3e5-bec7974fc985 which can be used as unique global reference for Finalize Early in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Coin swapping

CoinSwap is a protocol for making a transaction via a third party to obfuscate the money flow. For instance, when Alice would like to pay Bob, Carol offers to receive Alice's coin and pay Bob with an unconnected coin. Although none of these parties trusts the others, the protocol does not allow Carol to steal Alice's coin.

Internal MISP references

UUID 2605341c-b0d1-51db-89fa-8bf0a3d03941 which can be used as unique global reference for Coin swapping in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Ripple

Ripple is a real-time gross settlement system, currency exchange and remittance network created by Ripple Labs Inc., a US-based technology company. (...) The ledger employs the native cryptocurrency known as XRP.

Internal MISP references

UUID 00c741af-99c2-5c44-84bd-c4b83975e747 which can be used as unique global reference for Ripple in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Vendor

Someone who is selling something.

Internal MISP references

UUID 6e524ade-26e4-5fcf-9da1-e975ea8aaaa1 which can be used as unique global reference for Vendor in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Initial Coin Offering / Initial Crypto-Tokens Offering

Initial Coin Offerings (ICOs) are public offers of new cryptocurrencies in exchange for existing ones, aimed at financing projects in the blockchain development arena. The typical pattern is for a startup to produce a white paper that describes its business model and technical approach. The white paper includes details about the functions that the tokens issued during the ICO will perform and the process of token creation.

Internal MISP references

UUID 51c1324f-a92e-5803-861a-473ed2c26b4a which can be used as unique global reference for Initial Coin Offering / Initial Crypto-Tokens Offering in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Layer 2

Layer 2 is a collective term for solutions designed to help scale decentralised applications by handling transactions off the Ethereum mainnet (layer 1), while taking advantage of the robust decentralized security model of mainnet.

Internal MISP references

UUID e35d6c4e-27c8-5f5b-91e5-8738298388f7 which can be used as unique global reference for Layer 2 in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Virtual Asset Service Provider

Virtual asset service provider means any natural or legal person who (...) as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i) exchange between virtual assets and fiat currencies; ii) exchange between one or more forms of virtual assets; iii) transfer of virtual assets; iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Internal MISP references

UUID 2e2f67bf-d5a0-544a-a5e4-7bb9da23fd0c which can be used as unique global reference for Virtual Asset Service Provider in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Decentralized Exchange

Same as exchange but in a completely distributed environment. There is no central hosting server and all nodes are servers.

Internal MISP references

UUID 754d163f-01fc-551f-b501-c65591307d02 which can be used as unique global reference for Decentralized Exchange in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Metadata

Refers to data that provides information about a certain item's content. For example, an image may include information that describes how large the picture is or when the image was created, while a text document may contain information about the author of the document, or the IP address of the document's author, and so on.

Internal MISP references

UUID bf02d987-1f4e-500f-af39-8d85cda7ffd1 which can be used as unique global reference for Metadata in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Exit scam

An exit scam can be performed by a darknet market or a single-vendor shop. It is the process in which one or more of the market admins prevent users from withdrawing funds through the escrow system and then close the market, exiting with all the bitcoins and other digital currencies they were holding in escrow.

Internal MISP references

UUID d457fb70-6f79-5e0b-aad0-c947a6b61faf which can be used as unique global reference for Exit scam in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Smart contract

A smart contract is a self-executing contract with the terms of the agreement between buyer and seller being directly written into lines of code. The code and the agreements contained therein exist across a distributed, decentralized blockchain network. The code controls the execution, and transactions are trackable and irreversible.

Internal MISP references

UUID ebf4b07b-e879-53c5-9b9e-862178742112 which can be used as unique global reference for Smart contract in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Service Provider

An actor that provides a service by making available and managing infrastructure or by executing a process.

Internal MISP references

UUID 6e27d6e7-bb5f-5f8b-acff-2cb2a8e7ad02 which can be used as unique global reference for Service Provider in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Administrator

An actor whose job it is to supervise the technical operation of a service.

Internal MISP references

UUID 4040b338-591d-5863-8d5e-474294e603e4 which can be used as unique global reference for Administrator in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Virtual Asset

A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.

Internal MISP references

UUID 1666d707-c38a-5153-88fc-9ed6fdfeef75 which can be used as unique global reference for Virtual Asset in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Darknet Forum

Forum services hosted in the Dark Web.

Internal MISP references

UUID c50cbe2d-8c5d-556c-a3a0-1ee2edf8091c which can be used as unique global reference for Darknet Forum in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Shop

A shop is a service where products from one actor (the shop owner) are traded.

Internal MISP references

UUID d6a68be7-82e7-5fd4-b653-27e8d15fb6dd which can be used as unique global reference for Shop in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Hosted wallet

A digital account hosted by a third-party financial institution, known as a Virtual Asset Service Provider (VASP), which allows the account-holder (the user) to store, send, and receive cryptocurrency.

Internal MISP references

UUID 951ea43f-6acc-56c4-b51d-0618a7f23c3f which can be used as unique global reference for Hosted wallet in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Wallet']

.Onion

A special-use top-level domain name designating an anonymous onion service, which was formerly known as a "hidden service". The name comes from the “layered” approach to relays on the Tor Browser.

Internal MISP references

UUID 229e9ab2-4c75-52af-aab8-e73d0fe8b493 which can be used as unique global reference for .Onion in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Bridge

Blockchain bridges enable interoperability between vastly different networks, such as Bitcoin and Ethereum, and between one parent blockchain and its sidechains.

Internal MISP references

UUID 309242e2-7882-558e-9563-0bb477bff5b8 which can be used as unique global reference for Bridge in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Unhosted wallet

A wallet that is not hosted by a third-party financial system. It can be very difficult or impossible to determine who is accessing or in control of the use of cryptocurrencies in an unhosted wallet. Unhosted wallets allow for anonymity and concealment of illicit financial activity.

Internal MISP references

UUID 206859e5-f52b-5bad-8f49-08bc28d4e378 which can be used as unique global reference for Unhosted wallet in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Wallet']

Drop Ship

A vending tactic involving the vendor passing the buyer’s address on to another vendor to ship to, eliminating any need for the middleman (dropshipper) to handle anything illegal in person.

Internal MISP references

UUID 3ba88867-6567-5102-97e5-ecc23145593c which can be used as unique global reference for Drop Ship in MISP communities and other software using the MISP galaxy

External references
  • DNM Bible Glossary
Associated metadata
Metadata key Value
kill_chain ['Entities:Generic']

Sidechain

A sidechain is a side blockchain that is linked to another blockchain, referred to as the main chain, via a two-way peg.

Internal MISP references

UUID 087b61b1-86b8-5859-95ec-ab26d76bd050 which can be used as unique global reference for Sidechain in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Flash Loan

A cryptocurrency loan executed through a smart contract, with no collateral, that must be paid back in the same block. The purpose of a flash loan is to gain money through arbitrage (on different exchanges or different assets) without providing any collateral.

Internal MISP references

UUID d04b5d8c-a7ea-52f0-a5cc-96133466fe07 which can be used as unique global reference for Flash Loan in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Escrow

An escrow is a contractual arrangement in which a third party (the stakeholder or escrow agent) receives and disburses money or property for the primary transacting parties, with the disbursement dependent on conditions agreed to by the transacting parties.

Internal MISP references

UUID fc936928-f8be-5652-b13c-a0491158959a which can be used as unique global reference for Escrow in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Proof of Work

The Bitcoin blockchain is constructed and validated by computation. Miners work to validate the blockchain with their computation power, proving their work for a reward. The Bitcoin blockchain is based on Proof-of-Work.

Internal MISP references

UUID f4377e3b-ed10-5291-b984-4225013cde1b which can be used as unique global reference for Proof of Work in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Tumbler

A method of scrambling or anonymizing the source of one’s cryptocurrencies.

Internal MISP references

UUID 7739c2a5-45f5-58b1-97af-59e65f69284c which can be used as unique global reference for Tumbler in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Unspent Transaction Output

An unspent transaction output of cryptocurrencies. This output is considered an input to a new transaction.

Internal MISP references

UUID ea28ccaa-9786-5871-bda1-add90914da3d which can be used as unique global reference for Unspent Transaction Output in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Crypto-assets

A crypto-asset (...) is a digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a ledger existing in the form of a computerized database using strong cryptography to secure transaction records, to control the creation of additional coins, and to verify the transfer of coin ownership.

Internal MISP references

UUID e9bf2ffe-9695-5c79-a88d-792fefbed39b which can be used as unique global reference for Crypto-assets in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Bitcoin cash

Bitcoin Cash is a cryptocurrency that is a fork of Bitcoin. Bitcoin Cash is a spin-off or altcoin that was created in 2017.

Internal MISP references

UUID ff848751-0764-5053-89af-e0feb4aeb482 which can be used as unique global reference for Bitcoin cash in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

FIAT currencies

Fiat money is a currency (a medium of exchange) established as money, often by government regulation. Fiat money does not have intrinsic value and does not have use value. It has value only because a government maintains its value, or because parties engaging in exchange agree on its value.

Internal MISP references

UUID 5b639ba0-e080-548b-9950-6e6c6f4a1fbd which can be used as unique global reference for FIAT currencies in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Crypto ATM

A Bitcoin ATM (Automated Teller Machine) is a kiosk that allows a person to purchase Bitcoin and other cryptocurrencies by using cash or a debit card. Some types of ATM also allow users to sell their cryptocurrency, dispensing cash in payment. Depending on the provider, the ATM can require KYC verification.

Internal MISP references

UUID 2bb19164-c3ff-503f-9971-400de7af7fee which can be used as unique global reference for Crypto ATM in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Ethereum

Ethereum is a decentralized, open-source blockchain with smart contract functionality. Ether (ETH) is the native cryptocurrency of the platform. It is the second-largest cryptocurrency by market capitalization, after Bitcoin. Ethereum is the most actively used blockchain.

Internal MISP references

UUID 2c0ef492-3bc0-510b-bd43-0802d9adf3f5 which can be used as unique global reference for Ethereum in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Yield farming

A process that lets you earn either fixed or variable interest by investing crypto in a DeFi market.

Internal MISP references

UUID cd806af8-2674-5d40-a0ed-af194df5737a which can be used as unique global reference for Yield farming in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Invisible Internet Protocol

An “anonymous overlay network” using the garlic routing protocol that encrypts multiple messages together to make data traffic analysis difficult, while simultaneously increasing network traffic speed. Each encrypted message has its own specific delivery instruction, and each endpoint works as a cryptographic identifier or what we refer to as “keys.” Since I2P is entirely peer-to-peer in structure, there's no hard-coded trusted set of directory stores. Instead, the network directory of I2P is netDb, a distributed database that is replicated across the network.

Internal MISP references

UUID 30b69477-70ff-51dc-b8f6-f29f03f5f0ac which can be used as unique global reference for Invisible Internet Protocol in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Regulator

Authority that defines (national) regulations.

Internal MISP references

UUID 30e65bc1-97e7-588f-a717-cb47a52b6ec6 which can be used as unique global reference for Regulator in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Authorities']

Hidden Service

A collective name used to describe websites which require a special browser in order to access.

Internal MISP references

UUID 46800c1a-cceb-555d-9a22-5ebaebf62625 which can be used as unique global reference for Hidden Service in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Relay (node)

A relay is a node in the Tor network. When a request to access a particular hidden service is made, the browser calculates the optimal route through a series of relays, exchanging cryptographic keys between nodes, to display the content without disclosing the IP address of the request originator. Each relay decrypts a layer of encryption to reveal the next relay in the circuit to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing or knowing the source IP address.

Internal MISP references

UUID c751ccc2-a365-51f1-97a1-1fec29b9726d which can be used as unique global reference for Relay (node) in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Infrastructure']

Bitcoin Improvement Proposals

Bitcoin improvement proposals are the equivalent of RFCs. They define the protocols and structures of Bitcoin. They are developed and maintained at the Bitcoin GitHub.

Internal MISP references

UUID acbb92c2-be9c-55db-a264-2eb3ec09e6ce which can be used as unique global reference for Bitcoin Improvement Proposals in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Decentralized Finances

Smart contracts on blockchains and DApps, mainly via the Ethereum technology and network. They are used to provide traditional financial services. The technology provides strong immunity against attackers and some level of anonymity and privacy. Transactions are confirmed relatively fast, but mostly lack KYC and AML compliance controls and offer limited to no user support and customer care. Current DeFi innovations include: lending platforms; prediction markets; decentralised exchanges (DEXs); staking and pooling platforms.

Internal MISP references

UUID a65902c5-b9d4-59ae-9b83-144923cea2bc which can be used as unique global reference for Decentralized Finances in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Customer

The end user of a service. The customer pays for the services (buying goods, using a service, owning an asset...).

Internal MISP references

UUID 7a226797-891c-55f6-8f2e-0753c8c43fec which can be used as unique global reference for Customer in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Litecoin

Litecoin (LTC or Ł) is a peer-to-peer cryptocurrency and open-source software project released under the MIT/X11 license. Litecoin was an early bitcoin spinoff or altcoin, starting in October 2011. In technical details, Litecoin is nearly identical to Bitcoin.

Internal MISP references

UUID 6317fb5c-072e-5a80-845f-2577b18e4d89 which can be used as unique global reference for Litecoin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Cyberterrorist

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

Internal MISP references

UUID 61bbe7e3-3ad2-5e44-bd76-91c5058e301a which can be used as unique global reference for Cyberterrorist in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Tether

Tether is a controversial cryptocurrency with tokens issued by Tether Limited. It formerly falsely claimed that each token was backed by one United States dollar, but on 14 March 2019 changed the backing to include loans to affiliate companies.

Internal MISP references

UUID 058eb937-cce7-5469-a5fa-9def1e7b3744 which can be used as unique global reference for Tether in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Bank

A bank is a financial institution that accepts deposits from the public and creates a demand deposit while simultaneously making loans.

Internal MISP references

UUID 4ccf207f-40df-59ad-99d0-17fc7f9fd055 which can be used as unique global reference for Bank in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Monero

An open-source cryptocurrency created in April 2014 that focuses on fungibility, privacy and decentralization. Monero (XMR) uses an obfuscated public ledger, meaning anybody can broadcast or send transactions, but no outside observer can tell the source, amount or destination.

Internal MISP references

UUID d41ae632-4373-5915-b339-39ffe6ddff7d which can be used as unique global reference for Monero in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Binance Coin

BNB powers the Binance Ecosystem. As the native coin of Binance Chain, BNB has multiple use cases: fueling transactions on the Chain, paying for transaction fees on Binance Exchange, making in-store payments, and many more.

Internal MISP references

UUID 45800897-766c-51fe-ad0a-c33bb56277ba which can be used as unique global reference for Binance Coin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Invisible Internet protocol network

A type of anonymity network similar to Tor, based on the Invisible Internet Project protocol.

Internal MISP references

UUID 27636f7b-1ac6-5db7-b322-045ed04b2de5 which can be used as unique global reference for Invisible Internet protocol network in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Dark_Web']

Darknet market

A darknet market is a commercial website on the web that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products.

Internal MISP references

UUID dae3b4a9-7838-5761-9356-faa9c55f0d47 which can be used as unique global reference for Darknet market in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Pretty Good Privacy

PGP is an abbreviation for Pretty Good Privacy, an encryption program popular for encrypting emails and files. Through the use of public and private keys, it allows users who have never met to send encrypted messages etc. to each other without exchanging private encryption keys.

Internal MISP references

UUID 0db385a9-9cbd-5420-acef-472029b9cd0a which can be used as unique global reference for Pretty Good Privacy in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Takedown notice

Notice and take down is a process operated by online hosts in response to court orders or allegations that content is illegal. Content is removed by the host following notice.

Internal MISP references

UUID a22efe40-4a32-59af-b219-216e8ced8dd5 which can be used as unique global reference for Takedown notice in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Victim

Someone or something that has been hurt, damaged, or killed or has suffered, either because of the actions of someone or something else, or because of illness or chance.

Internal MISP references

UUID 73f67ffc-a672-55dc-a0e0-6a21f22b5033 which can be used as unique global reference for Victim in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Polkadot

Polkadot is a heterogeneous multi-chain interchange and translation architecture which enables customised side-chains to connect with public blockchains.

Internal MISP references

UUID 6d36792e-836a-5c87-9f8c-a826169eb2c8 which can be used as unique global reference for Polkadot in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Bank credentials

Login credentials for e-services that are provided by financial institutions with a bank license.

Internal MISP references

UUID d9620d2b-7f4a-5a04-aa8a-63935f1d3011 which can be used as unique global reference for Bank credentials in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Money mule

A money mule, sometimes called a "smurfer," is a person who transfers money acquired illegally in person, through a courier service, or electronically, on behalf of others. Typically, the mule is paid for services with a small part of the money transferred.

Internal MISP references

UUID 91c16626-6b05-50e2-a344-62e07abac344 which can be used as unique global reference for Money mule in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Internet Relay Chat

A text-based chat service enabling users connected to a server to communicate with each other in real-time.

Internal MISP references

UUID 14461a3c-b0f9-57b7-9aae-633988f910d4 which can be used as unique global reference for Internet Relay Chat in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Software wallet

A [software] cryptocurrency wallet is a (...) program or a service which stores the private keys for cryptocurrency transactions. It will normally also contain the associated public keys.

Internal MISP references

UUID b2d781a1-97d1-503e-b7e1-d099fc348071 which can be used as unique global reference for Software wallet in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Wallet']

Cardano

Cardano is a public blockchain platform. It is open source and decentralized, with consensus achieved using proof of stake. It can facilitate peer-to-peer transactions with its internal cryptocurrency Ada.

Internal MISP references

UUID f8b5c74e-6cdd-5bf0-9f11-c2419db6bab4 which can be used as unique global reference for Cardano in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Dogecoin

Dogecoin (code: DOGE, symbol: Ð) is a cryptocurrency created by software engineers Billy Markus and Jackson Palmer, who decided to create a payment system that is instant, fun, and free from traditional banking fees.

Internal MISP references

UUID c93f371a-4d61-57fc-a3ef-e296eb5ddc4e which can be used as unique global reference for Dogecoin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Cryptocurrency']

Exchange

Trading platform (commonly referred to as an “Exchange”) is the term within this paper used to describe any venue which facilitates the exchange of tokens for any form of money or asset. Trading platforms provide services to buy and sell tokens and/or for exchange of national (fiat) currencies backed by central banks.

Internal MISP references

UUID 470b9309-79e3-545e-bc6a-df45df7e43af which can be used as unique global reference for Exchange in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Blockchain

Blockchain is a distributed technology built under peer-to-peer network principles and cryptographic primitives, such as asymmetric encryption and digital signature. It allows trust-less users to exchange information and record transactions without external interference and coordination.

Internal MISP references

UUID 3fc478f2-b949-5b25-aecd-c7263e0f453d which can be used as unique global reference for Blockchain in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Darknet Email Service

Messaging services hosted or accessible via privacy enhanced networks.

Internal MISP references

UUID 58868c19-cee0-5f5c-b8fa-2db0e7be4277 which can be used as unique global reference for Darknet Email Service in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Credentials

A credential is a piece of any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.

Internal MISP references

UUID 211d1030-727f-50e6-ae6e-05dd76bc72bd which can be used as unique global reference for Credentials in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Rug pull

A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors’ funds.

Internal MISP references

UUID 87a990fe-f558-5dc6-93c4-385c76160c83 which can be used as unique global reference for Rug pull in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Moderator

A person who manages the discussion contributions in an online forum.

Internal MISP references

UUID e9b5e147-ae3f-52fa-a927-e0fd45af269c which can be used as unique global reference for Moderator in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

TOR Network

A network of routers that adds encryption to conceal a web user’s location and usage so that these are resistant to surveillance and hence are truly anonymous. The domain names of these hidden sites all end in ‘.onion’ and they are only accessible by using a Tor browser. Tor stands for ‘The Onion Router’.

Internal MISP references

UUID 01d8b306-9f3c-58f3-a262-3666ef5422a6 which can be used as unique global reference for TOR Network in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Dark_Web']

ZeroNet

One of the newest darknets, becoming increasingly popular. It is a combination of trackerless BitTorrent and a blockchain for persistent site and user identity. ZeroNet optionally uses the Tor network as a virtual private network. As a full mesh network, all clients are also servers. By browsing to a “zite”, as sites are known in ZeroNet lingo, the machine used automatically becomes one of the servers for that zite.

Internal MISP references

UUID 2aef7bc3-7dec-55e7-8efb-09f2c2d4b998 which can be used as unique global reference for ZeroNet in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Dark_Web']

Dead drop

The dead drop is a delivery model used by some vendors to distribute their products. A vendor uses a ‘dropman’ to hide consignments of pre-packaged drug deals in a number of suitably discreet offline locations. When a buyer makes a purchase from the vendor, the geo-coordinates are provided so that the buyer can collect the order.

Internal MISP references

UUID 06d58504-8603-57cf-9684-fd170aec3e19 which can be used as unique global reference for Dead drop in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Coinjoin

Coinjoin is a method of mixing cryptocurrency tokens or coins, where two or more user transactions are combined into a single transaction on the blockchain, with multiple inputs and outputs. The concept behind that methodology is to obfuscate the link between an input and an output that would otherwise be apparent in a standard, single-user transaction. The coinjoin methodology is open-source and integrated into some software wallets, and is also available for use via a hosted online service.

Internal MISP references

UUID 3b0afb33-efce-56e5-9d17-9c4e29c24194 which can be used as unique global reference for Coinjoin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Paste site/service

A pastebin or text storage site is a type of online content hosting service where users can store plain text, e.g. source code snippets for code review via Internet Relay Chat (IRC).

Internal MISP references

UUID 1d370886-ae76-561b-bfda-00d7276a2672 which can be used as unique global reference for Paste site/service in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Service']

Deep Web

The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search-engines.

Internal MISP references

UUID 1671f327-3e58-5f64-94fe-acf0860effbe which can be used as unique global reference for Deep Web in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Infrastructure']

Cryptocurrencies User

(User of) Decentralized virtual currency that employs cryptography to accomplish tamper-resistance.

Internal MISP references

UUID 980a0996-5c70-5de2-9698-e5057015702d which can be used as unique global reference for Cryptocurrencies User in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Actor']

Flash loan attack

An attack on a DeFi protocol that exploits vulnerabilities in the flash loan system.

Internal MISP references

UUID 9f510016-a418-563f-9ffc-0a8fb1393d07 which can be used as unique global reference for Flash loan attack in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Process']

Privacy coin

Privacy coins are a class of cryptocurrencies that power private and anonymous blockchain transactions by obscuring their origin and destination. Some of the techniques used include hiding a user’s real wallet balance and address, and mixing multiple transactions with each other to elude chain analysis.

Internal MISP references

UUID 96ccc6d4-fce6-5d4e-bfdc-4888a5af9aaa which can be used as unique global reference for Privacy coin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Asset']

Peer-to-peer exchange

The exchange or sharing of information, data, or assets between parties without the involvement of a central authority. Peer-to-peer, or P2P, takes a decentralized approach to interactions between individuals and groups. This approach has been used in computers and networking (peer-to-peer file sharing), as well as with virtual assets trading.

Internal MISP references

UUID acf94ffc-7cfe-5f59-84a4-63c07b283e3c which can be used as unique global reference for Peer-to-peer exchange in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Technology']

Proxy

A virtual service that changes users’ IP addresses when using the Internet.

Internal MISP references

UUID 70d38f80-be9b-54aa-8918-3450db195147 which can be used as unique global reference for Proxy in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Entities:Infrastructure']

Scam

Scam denotes a fraudulent or deceptive act or operation.

Internal MISP references

UUID f29c9e38-b210-5e57-9c04-c9e24936b72e which can be used as unique global reference for Scam in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']

Sextortion

Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.

Internal MISP references

UUID c47c83c2-bd3f-5168-af5a-4ecb29a8def4 which can be used as unique global reference for Sextortion in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']

Phishing

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Internal MISP references

UUID d2206519-0e80-5794-8d4f-7c5ae4321da9 which can be used as unique global reference for Phishing in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']

Service Hack

A service hack denotes the digital intrusion into a service with the goal of stealing funds.

Internal MISP references

UUID 6ee22586-865d-5aa9-8b5a-7c667fd8f236 which can be used as unique global reference for Service Hack in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

Internal MISP references

UUID cf8e3755-4918-581f-b4cb-542b916cb2db which can be used as unique global reference for Ransomware in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']

Ponzi Scheme

A Ponzi scheme is a form of fraud that lures investors and pays profits to earlier investors with funds from more recent investors.

Internal MISP references

UUID 8a79fc5f-1639-564c-8c09-8dc0dc1abb9b which can be used as unique global reference for Ponzi Scheme in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['Abuses:Concept']